Why don't you start over. The sipdomain and hostname should be unique to each other. There should be no tls records (if you updated to the latest patch and let sipx manage its own dns its not likely an issue).
tls over udp would cause as much an issue and over tcp. I have seen snom phones with a misproperly configured dns zone bring systems down. As for the sipvicious stuff, thats been talked about many times. You should at the least ratelimit the connections to port 5060 in your firewall. What you have not provided is: what version you are on. what the patch level is. what type of phones you are using and whether or not you have seen connection attempts from scripts in your registrar.log. If I were you I would address all of those things. If you are still having an issue, I'd suggest opening a new thread and providing adequate details. On Fri, Jul 15, 2011 at 9:23 AM, Keith Laidlaw <[email protected]> wrote: > **1) **Dns record that should not be there**** > > Easily checked, but I doubt it. Wouldn’t this likely cause a “predictable” > failure (e.g. it would always fail on the re-register)?**** > > ** ** > > **2) **Sipdomain and hostname the same**** > > This may be the case (I will check). In what way is this a bad thing and > how does it cause this behavior? Again, though, wouldn’t this cause a > predictable failure?**** > > ** ** > > **3) **Unauthorized device trying to register via tcp or tls**** > > What about UDP? How does this cause the registrar and proxy services to > fail without recovery? Is there a patch in the works?**** > > ** ** > > **4) **Sipvicious**** > > Not likely (assuming you mean attacked, not just occasional). Again, how > does this cause the failure? Is there a patch in the works that would allow > the system to recover after the attack is over?**** > > ** ** > > ** ** > > Keith Laidlaw**** > > Manager of Engineering**** > > Dakins Engineering**** > > 19-3105 Unity Drive**** > > Mississauga ON L5L 4L2**** > > ** ** > > 905 814-6024 (w)**** > > 416 805-6024 (c)**** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Tony Graziano > *Sent:* Thursday, July 14, 2011 10:00 PM > > *To:* KeithL > *Subject:* Re: [sipx-users] phone registrations expired**** > > ** ** > > its either a dns record that should not be there (_sip._tls), your sipdmain > ans hostname are the same, you have a device trying to register via tcp or > tls that should not be, or you are being attacked by sip vicious scripts.* > *** > > On Jul 14, 2011 9:47 PM, "Keith Laidlaw" <[email protected]> wrote: > > I have had this difficulty for many weeks. The only things I have added > > from the 4.4 ISO was sendmail-mc and, of course, the latest updates > > (last ran yum update last week). I verified that Tony's idea of > > restarting registrar and proxy works, but it is simply a kludge. > > > > > > > > Any idea where I can look to find out why this is happening? > > > > > > > > Keith Laidlaw > > > > Manager of Engineering > > > > Dakins Engineering > > > > 19-3105 Unity Drive > > > > Mississauga ON L5L 4L2 > > > > > > > > 905 814-6024 (w) > > > > 416 805-6024 (c) > > > > > > > > From: [email protected] > > [mailto:[email protected]] On Behalf Of Douglas > > Hubler > > Sent: Tuesday, May 31, 2011 12:46 PM > > To: KeithL > > Subject: Re: [sipx-users] phone registrations expired > > > > > > > > > > > > On Tue, May 31, 2011 at 12:09 PM, Tony Graziano > > <[email protected]> wrote: > > > > what I have seen is that the busier the environnment the more frequent > > the stops occur. That made me think it was related to the RLS patch. I > > tried taking the RLS patch and related components separately from the > > build repo, but it became moreso problematic after doing so. > > > > > > > > (sample cron entry for daily at 3 hour intervals) > > > > * 0,3,6,9,12,15,18,21 * * * sipxproc -r SIPRegistrar > > * 0,3,6,9,12,15,18,21 * * * sipxproc -r SIPXProxy > > > > > > > > I think it stems from a needed patch to RLS, but I might be wrong. I > > have querid this already on the sipx-dev list and am hoping to see some > > activity on it. If you are also having this issue on 4.4.0 (anyone) it > > would help to know. I am not sure whether it is related to XX-9634 or > > not. > > > > > > > > Patch for RLS can't possibly effect this in a negative way, fix was > > isolated to these 2 files. > > > > > > > > M sipXrls/src/ResourceListFileReader.cpp > > > > M sipXrls/src/ResourceListSet.cpp > > > > > > > > It could affect it in a positive way in that devices won't be blasting > > SUBSCRIBEs to RLS because they are not getting a response. > > > > > > > > I do think Mark should take Tony's advice on looking into sipvicious > > attacks, they seem to be more common then uncommon. > > > > > > > > > > > > > > **** > > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.326.5325 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Contract Customers: http://support.myitdepartment.net <http://support.myitdepartment.net>Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
