Hi members of the list. ¿Is Fail2ban useful in this situation?? Saludos/Regards -- Ing. Gerardo Barajas Puente
Ingeniería | www.neocenter.com T:+52 (55) 8590-9000 x 7003 On Sat, Feb 4, 2012 at 9:33 PM, Todd Hodgen <[email protected]> wrote: > There is a program, Tracebuster, that will show you if you are receiving > sipvicious attacks. For $99, I believe it's a great investment. Simply > monitor traffic from the router, it will show sipvicious attacks, and is > also great for measuring Jitter on a network having issues. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Tony Graziano > Sent: Saturday, February 04, 2012 3:53 PM > To: Discussion list for users of sipXecs software > Subject: Re: [sipx-users] Sip Vicious and Remote Workers > > On Sat, Feb 4, 2012 at 6:47 PM, Keith Laidlaw <[email protected]> > wrote: >> I have a working, stable sipX system (4.4.0 from ISO) with various >> same-subnet phones and sipxbridge to an ITSP (Voip.ms). The entire >> system is behind a port restricted NAT. All is well. >> >> >> >> Recently I tried to add remote workers to the mix, very carefully. >> The first - and only - thing I did was port forward 5060 TCP/UDP and >> 30000-31000 UDP. When I did this I experienced what I suspect is the >> sipvicious problem described elsewhere in this list. Every 24 hours >> or so, sipxproxy and sipxregistrar prevent phones from registering and >> the only cure is to restart those two. >> >> >> >> My questions: >> >> >> >> 1) What is the best way to confirm that my problem is due to >> sipvicious. >> > Look through either the registrar logs or proxy logs. If those logs are HUGE > in size, it is likely the system was targeted. Inspecting the logs will tell > you more. > >> 2) Is the detailed reason that sipvicious causes an irrecoverable >> lockup well known? > > It's like any script attack in that it is overwhelming whatever resources > your box has to offer it. It's called a DoS attack. >> >> 3) Does 4.6 handle this situation better and make it into a >> (self) recoverable situation? >> > It has additional tools in the security aspect to help and to also be able > to update certain firewalls, etc. >> 4) Does 4.6 offer sipvicious protection to minimise this from >> happening in the first place? >> > See answer to #3. >> 5) In the meantime, is pfsense my best option to block sipvicious >> (and also change me to symmetric)? >> > ANY firewall which will allow you to lessen your exposed footprint for ANY > application is a good idea. pfSense will certainly do this. >> 6) Is there an ISO for pfsense that is appropriate for sipx? Or >> an ISO with instructions for configuring for sipx? >> > Yes, they have ISO's available on the pfSense site. >> >> >> Any help would be appreciated. >> >> >> >> Keith >> >> >> >> >> _______________________________________________ >> sipx-users mailing list >> [email protected] >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > > > -- > ~~~~~~~~~~~~~~~~~~ > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: [email protected] > Fax: 434.465.6833 > ~~~~~~~~~~~~~~~~~~ > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: [email protected] > > Helpdesk Customers: http://myhelp.myitdepartment.net > Blog: http://blog.myitdepartment.net > > Linked-In Profile: > http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 > Ask about our Internet Fax services! > > -- > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: [email protected] > > Helpdesk Customers: http://myhelp.myitdepartment.net > Blog: http://blog.myitdepartment.net > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
