see in line On Fri, Jul 15, 2011 at 9:23 AM, Keith Laidlaw <[email protected]> wrote:
> **1) **Dns record that should not be there**** > > Easily checked, but I doubt it. Wouldn’t this likely cause a “predictable” > failure (e.g. it would always fail on the re-register)?**** > > ** > Typically... > ** > > **2) **Sipdomain and hostname the same**** > > This may be the case (I will check). In what way is this a bad thing and > how does it cause this behavior? Again, though, wouldn’t this cause a > predictable failure?**** > > ** > Theoretically this shouldn't be a problem... However the Polycom phones barf hard when this is the case.... Randomly. So, not predicable. If you have a single server and your sip domain = your fqdn just disable _sip._udp, _sip._tcp and the tls srv records. > ** > > **3) **Unauthorized device trying to register via tcp or tls**** > > What about UDP? How does this cause the registrar and proxy services to > fail without recovery? Is there a patch in the works?**** > > ** ** > > **4) **Sipvicious**** > > Not likely (assuming you mean attacked, not just occasional). Again, how > does this cause the failure? Is there a patch in the works that would allow > the system to recover after the attack is over?**** > > ** > Better DOS mitigation capabilities should come in 4.6... they didn't make it in time for 4.4. > ** > > ** ** > > Keith Laidlaw**** > > Manager of Engineering**** > > Dakins Engineering**** > > 19-3105 Unity Drive**** > > Mississauga ON L5L 4L2**** > > ** ** > > 905 814-6024 (w)**** > > 416 805-6024 (c)**** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Tony Graziano > *Sent:* Thursday, July 14, 2011 10:00 PM > > *To:* KeithL > *Subject:* Re: [sipx-users] phone registrations expired**** > > ** ** > > its either a dns record that should not be there (_sip._tls), your sipdmain > ans hostname are the same, you have a device trying to register via tcp or > tls that should not be, or you are being attacked by sip vicious scripts.* > *** > > On Jul 14, 2011 9:47 PM, "Keith Laidlaw" <[email protected]> wrote: > > I have had this difficulty for many weeks. The only things I have added > > from the 4.4 ISO was sendmail-mc and, of course, the latest updates > > (last ran yum update last week). I verified that Tony's idea of > > restarting registrar and proxy works, but it is simply a kludge. > > > > > > > > Any idea where I can look to find out why this is happening? > > > > > > > > Keith Laidlaw > > > > Manager of Engineering > > > > Dakins Engineering > > > > 19-3105 Unity Drive > > > > Mississauga ON L5L 4L2 > > > > > > > > 905 814-6024 (w) > > > > 416 805-6024 (c) > > > > > > > > From: [email protected] > > [mailto:[email protected]] On Behalf Of Douglas > > Hubler > > Sent: Tuesday, May 31, 2011 12:46 PM > > To: KeithL > > Subject: Re: [sipx-users] phone registrations expired > > > > > > > > > > > > On Tue, May 31, 2011 at 12:09 PM, Tony Graziano > > <[email protected]> wrote: > > > > what I have seen is that the busier the environnment the more frequent > > the stops occur. That made me think it was related to the RLS patch. I > > tried taking the RLS patch and related components separately from the > > build repo, but it became moreso problematic after doing so. > > > > > > > > (sample cron entry for daily at 3 hour intervals) > > > > * 0,3,6,9,12,15,18,21 * * * sipxproc -r SIPRegistrar > > * 0,3,6,9,12,15,18,21 * * * sipxproc -r SIPXProxy > > > > > > > > I think it stems from a needed patch to RLS, but I might be wrong. I > > have querid this already on the sipx-dev list and am hoping to see some > > activity on it. If you are also having this issue on 4.4.0 (anyone) it > > would help to know. I am not sure whether it is related to XX-9634 or > > not. > > > > > > > > Patch for RLS can't possibly effect this in a negative way, fix was > > isolated to these 2 files. > > > > > > > > M sipXrls/src/ResourceListFileReader.cpp > > > > M sipXrls/src/ResourceListSet.cpp > > > > > > > > It could affect it in a positive way in that devices won't be blasting > > SUBSCRIBEs to RLS because they are not getting a response. > > > > > > > > I do think Mark should take Tony's advice on looking into sipvicious > > attacks, they seem to be more common then uncommon. > > > > > > > > > > > > > > **** > > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- Michael Picher eZuce Director of Technical Services O.978-296-1005 X2015 M.207-956-0262 @mpicher <http://twitter.com/mpicher> www.ezuce.com
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
