Hi guys,
Interesting discussion - I learnt quite a bit. Thanks.
That said, no one's yet answered my two original questions. Anyone know?
To repeat:
1. When I used the line dateformat=%F %T in the general section of
logger.conf, the format in /var/log/asterisk/full did change, but the
On Mon, 30 Aug 2010, J. Oquendo wrote:
Gordon Henderson wrote:
On Mon, 30 Aug 2010, J. Oquendo wrote:
I also posted a very effective iptables script some weeks ago if you care
to search the archives. It works and is extremely effective in blocking
these types of attacks - however, it will
On Tue, Aug 31, 2010 at 8:30 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
3) Contact the UPSTREAM of the attacking host?
Yes. No reply. And in the few times I've tried, I've only ever had a reply
from Amazon - some 18 hours after the flood started and then it took
another 12 hours
On Tue, 31 Aug 2010, Randy R wrote:
On Tue, Aug 31, 2010 at 8:30 AM, Gordon Henderson
gordon+aster...@drogon.net wrote:
3) Contact the UPSTREAM of the attacking host?
Yes. No reply. And in the few times I've tried, I've only ever had a reply
from Amazon - some 18 hours after the flood
On Tue, Aug 31, 2010 at 7:09 PM, Gordon Henderson
gordon+aster...@drogon.net wrote:
Their whole system is designed as a device to waste the time effort of
those trying to submit reports, etc. to them.
This is not the right list for the following comment, but vested
interests always ruin life.
Hi,
I've recently had a fairly prolonged SIP registration attack, 18 hours in
this case and often with 200 attempts per second, and suspect I've had a
number of these in the past. The main symptom I noticed previously was,
because Asterisk was responding to each registration request it
On Mon, 30 Aug 2010, Nikhil Nair wrote:
Hi,
I've recently had a fairly prolonged SIP registration attack, 18 hours in
this case and often with 200 attempts per second, and suspect I've had a
number of these in the past.
Almost everyone has - read the fine archives, then google for
Gordon Henderson wrote:
So.. Get a copy of the sipvicious code from http://blog.sipvicious.org/
(or directly from http://code.google.com/p/sipvicious/ ) and learn how to
use svcrash.py as that's the only thing that's going to ultimately stop a
long-term attack on your site. For now,
On Mon, 30 Aug 2010, J. Oquendo wrote:
How about a little cron script without having to install anything? You
could run it off the hour:
rightnow=`date +%Y-%m-%d %k`
grep $rightnow /var/log/asterisk/messages |\
awk '/No matching peer/' | sed's:'\''::g' |\
uniq | awk '{print iptables -A
Gordon Henderson wrote:
On Mon, 30 Aug 2010, J. Oquendo wrote:
I also posted a very effective iptables script some weeks ago if you care
to search the archives. It works and is extremely effective in blocking
these types of attacks - however, it will not stop a broken sipvicious
from
On 10-08-30 01:53 PM, J. Oquendo wrote:
Gordon Henderson wrote:
On Mon, 30 Aug 2010, J. Oquendo wrote:
I also posted a very effective iptables script some weeks ago if you care
to search the archives. It works and is extremely effective in blocking
these types of attacks - however,
11 matches
Mail list logo