Re: [asterisk-users] sip attacks

2011-07-31 Thread Bill Kenworthy
How big is the blocklist from fail2ban? - a few thousand entries and the
network stack performance degrades.

BillK


On Sun, 2011-07-31 at 19:54 -0400, C F wrote:
 How long ago was the last block from fail2ban?
 What could be is that the attacker hasn't yet realized that he has
 been blocked and is still trying, which although blocked by iptables
 it is still coming down the line for attempted connections.
 
 On Sun, Jul 31, 2011 at 7:04 PM, Dave George dgeo...@teletoneinc.com wrote:
  My asterisk server is getting bogged down every 5 minutes.  My ping time is
  going from 60ms to 800 ms and the call quality is bad.
 
  I have fail2ban running and I am using iptables.  I have two ip connections
  to the box.
 
  How can I tell if the poor performance is due to sip attacks?   I don't see
  any reg attempts in my asterisk cli.  I used to get frequent attacks but
  fail2ban seems to be taking care of that.
 
  See how ping time gets worse in a short space of time and server performance
  at the time:
 
 
  64 bytes from 4.2.2.1: icmp_seq=6 ttl=55 time=87.8 ms
  64 bytes from 4.2.2.1: icmp_seq=7 ttl=55 time=99.8 ms
  64 bytes from 4.2.2.1: icmp_seq=8 ttl=55 time=107 ms
  64 bytes from 4.2.2.1: icmp_seq=9 ttl=55 time=115 ms
  64 bytes from 4.2.2.1: icmp_seq=10 ttl=55 time=120 ms
  64 bytes from 4.2.2.1: icmp_seq=11 ttl=55 time=122 ms
  64 bytes from 4.2.2.1: icmp_seq=12 ttl=55 time=123 ms
  64 bytes from 4.2.2.1: icmp_seq=13 ttl=55 time=126 ms
  64 bytes from 4.2.2.1: icmp_seq=14 ttl=55 time=122 ms
  64 bytes from 4.2.2.1: icmp_seq=15 ttl=55 time=142 ms
  64 bytes from 4.2.2.1: icmp_seq=16 ttl=55 time=142 ms
  64 bytes from 4.2.2.1: icmp_seq=17 ttl=55 time=137 ms
  64 bytes from 4.2.2.1: icmp_seq=18 ttl=55 time=186 ms
  64 bytes from 4.2.2.1: icmp_seq=19 ttl=55 time=255 ms
  64 bytes from 4.2.2.1: icmp_seq=20 ttl=55 time=310 ms
  64 bytes from 4.2.2.1: icmp_seq=21 ttl=55 time=387 ms
  64 bytes from 4.2.2.1: icmp_seq=22 ttl=55 time=445 ms
  64 bytes from 4.2.2.1: icmp_seq=23 ttl=55 time=514 ms
  64 bytes from 4.2.2.1: icmp_seq=24 ttl=55 time=583 ms
  64 bytes from 4.2.2.1: icmp_seq=25 ttl=55 time=650 ms
  64 bytes from 4.2.2.1: icmp_seq=26 ttl=55 time=715 ms
  64 bytes from 4.2.2.1: icmp_seq=27 ttl=55 time=783 ms
  64 bytes from 4.2.2.1: icmp_seq=28 ttl=55 time=821 ms
  64 bytes from 4.2.2.1: icmp_seq=29 ttl=55 time=810 ms
  64 bytes from 4.2.2.1: icmp_seq=30 ttl=55 time=832 ms
  64 bytes from 4.2.2.1: icmp_seq=31 ttl=55 time=812 ms
  64 bytes from 4.2.2.1: icmp_seq=32 ttl=55 time=821 ms
  64 bytes from 4.2.2.1: icmp_seq=33 ttl=55 time=826 ms
  64 bytes from 4.2.2.1: icmp_seq=34 ttl=55 time=815 ms
  64 bytes from 4.2.2.1: icmp_seq=35 ttl=55 time=821 ms
  64 bytes from 4.2.2.1: icmp_seq=36 ttl=55 time=824 ms
 
  top - 19:02:38 up 4 days, 11:26,  4 users,  load average: 0.36, 0.75, 0.82
  Mem:   4051312k total,  1062964k used,  2988348k free,   167004k buffers
  Swap:  6094840k total,        0k used,  6094840k free,   680144k cached
 
    PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
   4245 root  15   0  791m  86m  10m S 39.6  2.2   1192:32 asterisk
  18280 root  15   0  3812  600  516 S  2.0  0.0   0:59.00 pppoe
   2582 root  15   0  5912  628  504 S  0.3  0.0   2:02.19 syslogd
  18978 root  15   0 12744 1096  812 R  0.3  0.0   0:00.02 top
      1 root  15   0 10352  700  588 S  0.0  0.0   0:01.14 init
      2 root  RT  -5     0    0    0 S  0.0  0.0   0:00.01 migration/0
      3 root  34  19     0    0    0 S  0.0  0.0   0:31.90 ksoftirqd/0
      4 root  RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/0
      5 root  RT  -5     0    0    0 S  0.0  0.0   0:00.01 migration/1
      6 root  34  19     0    0    0 S  0.0  0.0   0:08.43 ksoftirqd/1
      7 root  RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/1
      8 root  RT  -5     0    0    0 S  0.0  0.0   0:00.13 migration/2
      9 root  34  19     0    0    0 S  0.0  0.0   2:40.56 ksoftirqd/2
     10 root  RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/2
     11 root  RT  -5     0    0    0 S  0.0  0.0   0:00.05 migration/3
     12 root  34  19     0    0    0 S  0.0  0.0   0:44.56 ksoftirqd/3
     13 root  RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/3
     14 root  10  -5     0    0    0 S  0.0  0.0   0:00.02 events/0
     15 root  10  -5     0    0    0 S  0.0  0.0   0:00.00 events/1
     16 root  10  -5     0    0    0 S  0.0  0.0   0:00.00 events/2
     17 root  10  -5     0    0    0 S  0.0  0.0   0:00.00 events/3
     18 root  10  -5     0    0    0 S  0.0  0.0   0:00.00 khelper
     55 root  10  -5     0    0    0 S  0.0  0.0   0:00.00 kthread
     62 root  10  -5     0    0    0 S  0.0  0.0   0:00.07 kblockd/0
     63 root  10  -5     0    0    0 S  0.0  0.0   0:00.01 kblockd/1
     64 root  10  -5     0    0    0 S  0.0  0.0   0:00.00 kblockd/2
     65 root  10  -5     0    0    0 S  0.0  0.0   0:00.00 kblockd/3
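
Added example, not part of the thread: one way to check both points raised in the message above, how long the fail2ban block list is and whether sources that are already blocked are still sending, by comparing two snapshots of `iptables -nvxL` for the fail2ban chain. The chain name `fail2ban-ASTERISK`, the addresses and the counters are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). On a live host the two inputs would be
# captures taken some time apart, e.g.:
#   iptables -nvxL fail2ban-ASTERISK > before.txt   (chain name is an assumption)
#   sleep 60
#   iptables -nvxL fail2ban-ASTERISK > after.txt

# Number of DROP rules in a snapshot: the length of the linear list that
# every packet entering the chain is compared against.
blocked_rule_count() {
    awk '$3 == "DROP" { n++ } END { print n + 0 }' "$1"
}

# Sources whose DROP packet counter grew between two snapshots, busiest first.
# Output lines: "<source> <packets dropped during the interval>"
blocked_still_sending() {
    awk '
        NR == FNR { if ($3 == "DROP") before[$8] = $1; next }
        $3 == "DROP" && $1 - before[$8] > 0 { print $8, $1 - before[$8] }
    ' "$1" "$2" | sort -k2,2nr
}

# Constructed sample snapshots (documentation addresses, made-up counters).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/before.txt" <<'EOF'
Chain fail2ban-ASTERISK (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120    52800 DROP       all  --  *      *       203.0.113.5          0.0.0.0/0
      40    17600 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0
   98123 43174120 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
cat > "$demo_dir/after.txt" <<'EOF'
Chain fail2ban-ASTERISK (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    9120  4012800 DROP       all  --  *      *       203.0.113.5          0.0.0.0/0
      40    17600 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0
       3     1320 DROP       all  --  *      *       192.0.2.44           0.0.0.0/0
   99001 43560440 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF

echo "DROP rules: $(blocked_rule_count "$demo_dir/after.txt")"
blocked_still_sending "$demo_dir/before.txt" "$demo_dir/after.txt"
```

A large rule count points at the block list itself as the cost; large per-source deltas mean blocked traffic is still arriving on the link even though iptables discards it.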

Re: [asterisk-users] IP ban list by country

2011-02-13 Thread Bill Kenworthy
On Sun, 2011-02-13 at 22:54 -0800, Steve Edwards wrote:
 On Mon, 14 Feb 2011, Bruce B wrote:
 
  What sources do you use to limit SIP connecting customers to specific 
  countries by IP (e.g. allowing USA and not China). It would help me a 
  lot if you can note the sources you trust that are complete and up to 
  date.
 
 I compiled this list a few (6?) months ago by typing class A address 
 blocks into Arin.net's 'whois' web page and noting which Regional Internet 
 Registry it was allocated to.
 
 http://www.voip-info.org/wiki/view/allocated-class-a-ip-address-blocks
 
 After plonking this into a couple of production hosts, attacks of all 
 ports dropped dramatically.
 
 I note there have been changes since then (128.0.0.0 was assigned to RIPE 
 back in November), so if anybody wants to 'refresh' and post changes, 
 please do.
 

Look at geoip and maxmind.  Has a netfilter module to look up and
pass/block based on geo-location via the registry information.
Databases are available by subscription (fine grained, up to date) and a
more general one for free use.

see http://people.netfilter.org/peejix/geoip/howto/geoip-HOWTO.html

It's been a while since I've used it and had to drop it because I needed
access from the problem areas :( - but it worked very well at the time.

BillK




--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


Re: [asterisk-users] E3 Card on Asterisk ?

2010-04-27 Thread Bill Kenworthy
On Tue, 2010-04-27 at 11:01 -0400, John Novack wrote:
 
 Anita Hall wrote:
  Hi
 
  Please check out this product
 
  http://www.sangoma.com/products/hardware_products/data_networking/a301.html
 
  Does it work on Asterisk or Freeswitch ?
  Do Telcos provide an E3 connection ?
 
  One of our customers had an inquiry for terminating 6000 calls 
  simultaneously. I want to do some homework before taking it further 
  with him. If I use E1 lines, I will need 6000 / 30 = 200 E1 lines, 
  which does not look feasible ?
 
  Thanks for any input you may provide.
 
  regards,
 
  Anita Hall,
  Simmortel Voice.

 On ONE box?
 
 Seems to me, that is just asking for trouble
 Check the archives, others have suggested maximums for a single box and 
 server farms
 
 John Novack
 
  
 

Has anyone put together a public list/wiki/info sheet on what the
various maximums/rules of thumb are?  Seems a better idea than random
searching to point to a definitive document!  And save some traffic to
the list as this seems to be a common query.

BillK






Re: [asterisk-users] Can't restart asterisk from script

2009-12-09 Thread Bill Kenworthy
Keep in mind that cron usually has a very abbreviated environment for
security reasons - you may need to set the PATH or other environment
variables in the crontab to get it to work.

Billk


On Wed, 2009-12-09 at 20:55 -0500, Michelle Dupuis wrote:
 Interesting...I'll try that.  Thanks
 
 
 __
 From: asterisk-users-boun...@lists.digium.com
 [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Lyle
 Giese
 Sent: Wednesday, December 09, 2009 8:47 PM
 To: Asterisk Users List
 Subject: Re: [asterisk-users] Can't restart asterisk from script
 
 
 
 Doug Lytle wrote: 
  Warren Selby wrote:

   On Wed, Dec 9, 2009 at 3:08 PM, Michelle Dupuis supp...@ocg.ca 
   mailto:supp...@ocg.ca wrote:
   
   I'm running * 1.4 and can successfully restart asterisk from the
   command
   line with:
   /usr/sbin/asterisk -r -x restart gracefully
   
   
  
  I have the following cron job:
  
  /usr/sbin/asterisk -r -x 'restart when convenient'
  
  Doug
  

 You probably don't need the single or double quotes at all.  I have
 never used any quoting in crontab.
 
 Lyle Giese
 LCR Computer Services, Inc.
 
 




Re: [asterisk-users] Can't restart asterisk from script

2009-12-09 Thread Bill Kenworthy
Yes, but if asterisk can't find some of its components due to abbreviated
path or ...

Just run a cron that prints the results from env and compare and see
if there is something obvious - there may also be privilege issues


BillK


On Wed, 2009-12-09 at 22:32 -0500, Michelle Dupuis wrote:
 I had double quotes originally - and that didn't work 
 
 -Original Message-
 From: asterisk-users-boun...@lists.digium.com
 [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Juan E.
 Rodríguez
 Sent: Wednesday, December 09, 2009 10:14 PM
 To: Asterisk Users List
 Subject: Re: [asterisk-users] Can't restart asterisk from script
 
 You should replace the single quote with double quote.
 
 --Original Message--
 From: Michelle Dupuis
 Sender: asterisk-users-boun...@lists.digium.com
 To: 'Asterisk Users List'
 ReplyTo: Asterisk Users Mailing List - Non-Commercial Discussion
 Subject: Re: [asterisk-users] Can't restart asterisk from script
 Sent: Dec 9, 2009 10:59 PM
 
 But the error message in my log shows the error to be from asterisk, so I'm
 guessing I'm sending a parameter incorrectly to asterisk - which fits with
 the no quote theory 
 
 -Original Message-
 From: asterisk-users-boun...@lists.digium.com
 [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Bill Kenworthy
 Sent: Wednesday, December 09, 2009 9:31 PM
 To: Asterisk Users List
 Subject: Re: [asterisk-users] Can't restart asterisk from script
 
 Keep in mind that cron usually has a very abbreviated environment for
 security reasons - you may need to set the PATH or other environment
 variables in the crontab to get it to work.
 
 Billk
 
 
 On Wed, 2009-12-09 at 20:55 -0500, Michelle Dupuis wrote:
  Interesting...I'll try that.  Thanks
  
  
  __
  From: asterisk-users-boun...@lists.digium.com
  [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Lyle 
  Giese
  Sent: Wednesday, December 09, 2009 8:47 PM
  To: Asterisk Users List
  Subject: Re: [asterisk-users] Can't restart asterisk from script
  
  
  
  Doug Lytle wrote: 
   Warren Selby wrote:
 
On Wed, Dec 9, 2009 at 3:08 PM, Michelle Dupuis supp...@ocg.ca 
mailto:supp...@ocg.ca wrote:

I'm running * 1.4 and can successfully restart asterisk from the
command
line with:
/usr/sbin/asterisk -r -x restart gracefully


   
   I have the following cron job:
   
   /usr/sbin/asterisk -r -x 'restart when convenient'
   
   Doug
   
 
  You probably don't need the single or double quotes at all.  I have 
  never used any quoting in crontab.
  
  Lyle Giese
  LCR Computer Services, Inc.
  
  
 
 
 
 
 
 
 Saludos,
 Juan E. Rodríguez
 
 


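
Added example, not part of the thread: the comparison suggested in the two cron replies above (dump `env` from a cron job and compare it with the login shell's), written as a small script. The file names and the sample environment values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Capture the two inputs with, e.g.:
#   crontab entry:  * * * * * env > /tmp/cron.env      (file names are assumptions)
#   login shell:    env > /tmp/shell.env

# env_diff SHELL_ENV CRON_ENV
# One line per variable that cron lacks or sees differently:
#   "missing NAME"   or   "differs NAME shell=<value> cron=<value>"
env_diff() {
    awk '
        { eq = index($0, "="); if (eq == 0) next      # skip non NAME=value lines
          name = substr($0, 1, eq - 1); val = substr($0, eq + 1) }
        NR == FNR { cron[name] = val; next }          # first file: cron dump
        !(name in cron) { print "missing " name; next }
        cron[name] != val { print "differs " name " shell=" val " cron=" cron[name] }
    ' "$2" "$1"
}

# cron_path_has DIR CRON_ENV: succeeds if DIR is on the PATH that cron saw.
cron_path_has() {
    sed -n 's/^PATH=//p' "$2" | tr ':' '\n' | grep -Fqx -- "$1"
}

# Constructed sample dumps.
env_demo=$(mktemp -d)
trap 'rm -rf "$env_demo"' EXIT
cat > "$env_demo/shell.env" <<'EOF'
HOME=/root
LANG=en_US.UTF-8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SHELL=/bin/bash
TERM=xterm
EOF
cat > "$env_demo/cron.env" <<'EOF'
HOME=/root
PATH=/usr/bin:/bin
SHELL=/bin/sh
EOF

env_diff "$env_demo/shell.env" "$env_demo/cron.env"
cron_path_has /usr/sbin "$env_demo/cron.env" || echo "/usr/sbin is not on cron's PATH"
```

Any variable reported here can be set at the top of the crontab (for example a `PATH=` line) so the job runs with the same lookup path as the interactive command.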