> (I've just had 30GB of sipvicious traffic sent to my hosted servers in a
> 12-hour period - it came from what looked like a VPS host in France -
> trivially firewalled out, but even dropping the packets didn't stop the
> flood! It's so badly written it appears to just ignore any return codes
> that it doesn't want, or even no returns at all!)
> http://blog.sipvicious.org/2010/06/how-to-crash-sipvicious-introducing.html

It looks like it has been updated so that (with the newer version) this won't happen. I think that fail2ban or equivalent could be used to block the offending IP, and also execute the provided svcrash.py which will send its one packet - possibly (if the attacker is using the older sipvicious) stopping the traffic. Of course that won't help if the attacker is not using sipvicious and the other tool also ignores a lack of response.
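A minimal version of the "fail2ban or equivalent" blocking suggested in the reply above, added here as an illustration and not part of the original post: it counts failed chan_sip registrations per source IP in a sliding window and emits iptables drop rules. The log lines are constructed, and the thresholds and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Asterisk chan_sip notice for a rejected REGISTER; newer versions append ":port" to the IP.
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\].*?"
    r"Registration from '.*?' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
)

def find_offenders(lines, max_retry=5, find_time=60):
    """Return {ip: time of the failure that reached max_retry within find_time seconds}."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # expire failures older than the window
            hits.popleft()
        if len(hits) >= max_retry:
            banned[m["ip"]] = ts
    return banned

def drop_rules(banned):
    """Render one iptables drop rule per offending source address."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(banned)]

# Constructed sample: a scanner cycling through extensions, plus one user mistyping a password.
SAMPLE_LOG = [
    f"[2010-06-15 03:10:{s:02d}] NOTICE[2201] chan_sip.c: Registration from "
    f"'\"{100 + s}\" <sip:{100 + s}@192.0.2.10>' failed for '203.0.113.50' - No matching peer found"
    for s in range(6)
] + [
    "[2010-06-15 03:12:00] NOTICE[2201] chan_sip.c: Registration from "
    "'\"201\" <sip:201@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password",
    "[2010-06-15 03:40:00] NOTICE[2201] chan_sip.c: Registration from "
    "'\"201\" <sip:201@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password",
    "[2010-06-15 03:41:00] VERBOSE[2201] pbx.c: -- Executing [s@default:1] Answer",
]

if __name__ == "__main__":
    for rule in drop_rules(find_offenders(SAMPLE_LOG)):
        print(rule)
```

As the quoted message points out, a local drop rule stops Asterisk from processing the requests but does not reduce the inbound traffic itself.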
