Re: [sipx-users] Sip Vicious and Remote Workers

[Tony Graziano]

Fail2ban requires the firewall use iptables I think.
On Feb 4, 2012 11:42 PM, "Gerardo Barajas" <gerardo.bara...@gmail.com>
wrote:

> Hi members of the list.
> ¿Is Fail2ban useful in this situation??
>
> Saludos/Regards
> --
> Ing. Gerardo Barajas Puente
>
> Ingeniería | www.neocenter.com
> T:+52 (55)  8590-9000 x 7003
>
>
>
> On Sat, Feb 4, 2012 at 9:33 PM, Todd Hodgen <thod...@frontier.com> wrote:
> > There is a program, Tracebuster, that will show you if you are receiving
> > sipvicious attacks.   For $99, I believe it's a great investment.  Simply
> > monitor traffic from the router, it will show sipvicious attacks, and is
> > also great for measuring Jitter on a network having issues.
> >
> > -----Original Message-----
> > From: sipx-users-boun...@list.sipfoundry.org
> > [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Tony
> Graziano
> > Sent: Saturday, February 04, 2012 3:53 PM
> > To: Discussion list for users of sipXecs software
> > Subject: Re: [sipx-users] Sip Vicious and Remote Workers
> >
> > On Sat, Feb 4, 2012 at 6:47 PM, Keith Laidlaw <laidlaw1...@rogers.com>
> > wrote:
> >> I have a working, stable sipX system (4.4.0 from ISO) with various
> >> same-subnet phones and sipxbridge to an ITSP (Voip.ms).  The entire
> >> system is behind a port restricted NAT.  All is well.
> >>
> >>
> >>
> >> Recently I tried to add remote workers to the mix, very carefully.
> >> The first - and only - thing I did was port forward 5060 TCP/UDP and
> >> 30000-31000 UDP.  When I did this I experienced what I suspect is the
> >> sipvicious problem described elsewhere in this list.  Every 24 hours
> >> or so, sipxproxy and sipxregistrar prevent phones from registering and
> >> the only cure is to restart those two.
> >>
> >>
> >>
> >> My questions:
> >>
> >>
> >>
> >> 1)      What is the best way to confirm that my problem is due to
> >> sipvicious.
> >>
> > Look through either the registrar logs or proxy logs. If those logs are
> HUGE
> > in size, it is likely the system was targeted. Inspecting the logs will
> tell
> > you more.
> >
> >> 2)      Is the detailed reason that sipvicious causes an irrecoverable
> >> lockup well known?
> >
> > It's like any script attack in that it is overwhelming whatever resources
> > your box has to offer it. It's called a DoS attack.
> >>
> >> 3)      Does 4.6 handle this situation better and make it into a
> >> (self) recoverable situation?
> >>
> > It has additional tools in the security aspect to help and to also be
> able
> > to update certain firewalls, etc.
> >> 4)      Does 4.6 offer sipvicious protection to minimise this from
> >> happening in the first place?
> >>
> > See answer to #3.
> >> 5)      In the meantime, is pfsense my best option to block sipvicious
> >> (and also change me to symmetric)?
> >>
> > ANY firewall which will allow you to lessen your exposed footprint for
> ANY
> > application is a good idea. pfSense will certainly do this.
> >> 6)      Is there an ISO for pfsense that is appropriate for sipx? Or
> >> an ISO with instructions for configuring for sipx?
> >>
> > Yes, they have ISO's available on the pfSense site.
> >>
> >>
> >> Any help would be appreciated.
> >>
> >>
> >>
> >> Keith
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> sipx-users mailing list
> >> sipx-users@list.sipfoundry.org
> >> List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >
> >
> >
> > --
> > ~~~~~~~~~~~~~~~~~~
> > Tony Graziano, Manager
> > Telephone: 434.984.8430
> > sip: tgrazi...@voice.myitdepartment.net
> > Fax: 434.465.6833
> > ~~~~~~~~~~~~~~~~~~
> > LAN/Telephony/Security and Control Systems Helpdesk:
> > Telephone: 434.984.8426
> > sip: helpd...@voice.myitdepartment.net
> >
> > Helpdesk Customers: http://myhelp.myitdepartment.net
> > Blog: http://blog.myitdepartment.net
> >
> > Linked-In Profile:
> > http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
> > Ask about our Internet Fax services!
> >
> > --
> > LAN/Telephony/Security and Control Systems Helpdesk:
> > Telephone: 434.984.8426
> > sip: helpd...@voice.myitdepartment.net
> >
> > Helpdesk Customers: http://myhelp.myitdepartment.net
> > Blog: http://blog.myitdepartment.net
> > _______________________________________________
> > sipx-users mailing list
> > sipx-users@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >
> > _______________________________________________
> > sipx-users mailing list
> > sipx-users@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> _______________________________________________
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

-- 
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net

_______________________________________________
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/