There is a program, Tracebuster, that will show you if you are receiving
sipvicious attacks. For $99, I believe it's a great investment. Simply
monitor traffic from the router; it will show sipvicious attacks, and it is
also great for measuring jitter on a network having issues.

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Tony Graziano
Sent: Saturday, February 04, 2012 3:53 PM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] Sip Vicious and Remote Workers

On Sat, Feb 4, 2012 at 6:47 PM, Keith Laidlaw <[email protected]>
wrote:
> I have a working, stable sipX system (4.4.0 from ISO) with various
> same-subnet phones and sipxbridge to an ITSP (Voip.ms).  The entire
> system is behind a port restricted NAT.  All is well.
>
> Recently I tried to add remote workers to the mix, very carefully.
> The first - and only - thing I did was port forward 5060 TCP/UDP and
> 30000-31000 UDP.  When I did this I experienced what I suspect is the
> sipvicious problem described elsewhere in this list.  Every 24 hours
> or so, sipxproxy and sipxregistrar prevent phones from registering and
> the only cure is to restart those two.
>
> My questions:
>
> 1) What is the best way to confirm that my problem is due to
> sipvicious?
>
Look through either the registrar logs or proxy logs. If those logs are HUGE
in size, it is likely the system was targeted. Inspecting the logs will tell
you more.

> 2) Is the detailed reason that sipvicious causes an irrecoverable
> lockup well known?

It's like any script attack in that it is overwhelming whatever resources
your box has to offer it. It's called a DoS attack.

> 3) Does 4.6 handle this situation better and make it into a
> (self) recoverable situation?
>
It has additional tools in the security aspect to help and to also be able
to update certain firewalls, etc.

> 4) Does 4.6 offer sipvicious protection to minimise this from
> happening in the first place?
>
See answer to #3.

> 5) In the meantime, is pfsense my best option to block sipvicious
> (and also change me to symmetric)?
>
ANY firewall which will allow you to lessen your exposed footprint for ANY
application is a good idea. pfSense will certainly do this.

> 6) Is there an ISO for pfsense that is appropriate for sipx? Or
> an ISO with instructions for configuring for sipx?
>
Yes, they have ISOs available on the pfSense site.

> Any help would be appreciated.
>
> Keith
>
> _______________________________________________
> sipx-users mailing list
> [email protected]
> List Archive: http://list.sipfoundry.org/archive/sipx-users/



--
~~~~~~~~~~~~~~~~~~
Tony Graziano, Manager
Telephone: 434.984.8430
sip: [email protected]
Fax: 434.465.6833
~~~~~~~~~~~~~~~~~~
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: [email protected]

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net

Linked-In Profile:
http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
Ask about our Internet Fax services!
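
Added example (not part of the original thread and not sipXecs code): one way to do the log inspection suggested in the answer to question 1, flagging sources by the SIPVicious default User-Agent (`friendly-scanner`), by request volume, and by the number of distinct users tried. The one-request-per-line layout, the thresholds, the function names and the sample lines are constructed assumptions, not the real sipXecs log format.

```python
import re
from collections import defaultdict

SCANNER_UA = re.compile(r"friendly-scanner|sipvicious", re.I)  # SIPVicious default UA, plus tool name
# Assumed (hypothetical) layout: <ts> src=<ip> <METHOD> sip:[<user>@]<host> User-Agent: <ua>
LINE = re.compile(
    r"src=(?P<ip>[0-9a-fA-F.:]+)\s+(?P<method>REGISTER|OPTIONS|INVITE)\s+"
    r"sip:(?:(?P<user>[^@\s]+)@)?\S+.*?User-Agent:\s*(?P<ua>.*)$"
)

def summarize(lines):
    """Group SIP requests by source address."""
    stats = defaultdict(lambda: {"requests": 0, "users": set(), "scanner_ua": False})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a SIP request record
        s = stats[m["ip"]]
        s["requests"] += 1
        if m["user"]:
            s["users"].add(m["user"])
        if SCANNER_UA.search(m["ua"]):
            s["scanner_ua"] = True
    return stats

def flag_sources(lines, max_requests=20, max_users=5):
    """Return {ip: [reasons]} for sources that look like scanning or flooding."""
    flagged = {}
    for ip, s in summarize(lines).items():
        reasons = []
        if s["scanner_ua"]:
            reasons.append("scanner User-Agent")
        if s["requests"] > max_requests:
            reasons.append(f"{s['requests']} requests")
        if len(s["users"]) > max_users:
            reasons.append(f"{len(s['users'])} distinct users tried")
        if reasons:
            flagged[ip] = reasons
    return flagged

# Constructed sample: one scanning source and one ordinary phone.
SAMPLE = [
    f"2012-02-04T23:10:{i:02d}Z src=203.0.113.7 REGISTER sip:{100 + i}@pbx.example.com "
    "User-Agent: friendly-scanner" for i in range(30)
] + [
    "2012-02-04T23:11:00Z src=198.51.100.20 REGISTER sip:201@pbx.example.com User-Agent: ExamplePhone/1.0",
    "2012-02-04T23:11:30Z src=198.51.100.20 OPTIONS sip:pbx.example.com User-Agent: ExamplePhone/1.0",
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```

The User-Agent header is client-controlled, so the volume and distinct-user checks matter for sources that change it; the flagged addresses are candidates for a firewall block list.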
