On Tue, Jul 7, 2009 at 12:46 PM, Michel R Vaillancourt<[email protected]> wrote: > > Hello to the list. A customer of mine had a lousy time this morning > with his IP PBX because his upstream ITSP provider was DOS'd. In > conversation with the ITSP afterwards, I was told that because the > customer was using IAX2, they were particularly susceptible to service > interruptions of this kind. Essentially, IAX2 was significantly more > fragile "in the wild" than SIP was. If my customer wanted stability and > surety , the answer was migrate away from IAX2 to SIP. > > My question to the folks out here "in the wild" is if this statement > and recommendation holds water with what you have all seen in your > experiences. I'm looking for facts and experience as much as possible, > so that I can make the right recommendation for my customer. > > Thanks in advance for the help. > > --Michel >
I won't get into any of my other opinions of IAX2 here. Yes, since it uses a single port, DoS is fairly easy by banging on it really hard. I am not sure that there is any mechanism such as SER round robbin to mitigate DoS attacks for IAX2 by spreading them across boxen. I guess if you used round robin DNS entries, that could work, but Asterisk doesn't handle DNS failures very gracefully, that is why I (almost) always hard code an IP. Anyways, your provider should have something in place to recognize DoS attacks and block them at the firewall, then it becomes a bandwidth issue rather than an Asterisk capability issue. -- Thanks, Steve Totaro +18887771888 (Toll Free) +12409381212 (Cell) +12024369784 (Skype) _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
