Keith,
These other solutions that are being recommended are great, but I
actually found a very simple way that works "well enough" for me *so far*...
Change your iptables rule that allows port 5060 to something like the
following:
-A INPUT -p tcp -m tcp -m string -m hashlimit --dport 5060 -j ACCEPT --string "REGISTER sip:" --algo bm --to 65 --hashlimit 5/second --hashlimit-burst 10 --hashlimit-mode srcip,dstport --hashlimit-name sip_r_limit
It adds a simple rate limiter using source IP and destination port hash
so that no single IP can send more than five REGISTER commands per
second. This is not the be-all-end-all solution. However, in lieu of
taking the time to set up fail2ban, this should do the trick.
-- Robert
On 2/4/2012 5:47 PM, Keith Laidlaw wrote:
I have a working, stable sipX system (4.4.0 from ISO) with various
same-subnet phones and sipxbridge to an ITSP (Voip.ms). The entire
system is behind a port restricted NAT. All is well.
Recently I tried to add remote workers to the mix, very carefully.
The first - and only - thing I did was port forward 5060 TCP/UDP and
30000-31000 UDP. When I did this I experienced what I suspect is the
sipvicious problem described elsewhere in this list. Every 24 hours
or so, sipxproxy and sipxregistrar prevent phones from registering and
the only cure is to restart those two.
My questions:
1) What is the best way to confirm that my problem is due to sipvicious?
2) Is the detailed reason that sipvicious causes an irrecoverable
lockup well known?
3) Does 4.6 handle this situation better and make it into a (self)
recoverable situation?
4) Does 4.6 offer sipvicious protection to minimise this from happening
in the first place?
5) In the meantime, is pfsense my best option to block sipvicious (and
also change me to symmetric)?
6) Is there an ISO for pfsense that is appropriate for sipx? Or an ISO
with instructions for configuring for sipx?
Any help would be appreciated.
Keith
_______________________________________________
sipx-users mailing list
List Archive: http://list.sipfoundry.org/archive/sipx-users/
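
The rate limit from the reply above, modelled as a per-source token bucket to show how many REGISTERs the rule lets through (an added example, not part of the original thread and not the kernel's hashlimit code). The traffic and addresses are constructed, and applying the 65-byte search window to the payload alone is a simplifying assumption.

```python
from collections import defaultdict

# Values from the rule in the reply; integer millitokens avoid float drift.
COST = 1000                  # one matching packet costs 1000 millitokens
RATE_PER_MS = 5              # --hashlimit 5/second
CAPACITY = 10 * COST         # --hashlimit-burst 10
PORT = 5060                  # --dport 5060
PATTERN = b"REGISTER sip:"   # --string
WINDOW = 65                  # --to 65, applied to the payload only (assumption)


def simulate(packets):
    """Verdict for each (time_ms, src_ip, dport, payload) tuple, in order.

    ACCEPT: the rule matched. FALLTHROUGH: it did not, so the packet goes on
    to later rules or the chain policy, which decide whether it is dropped.
    """
    buckets = {}  # keyed like --hashlimit-mode srcip,dstport
    verdicts = []
    for ts, src, dport, payload in packets:
        if dport != PORT or PATTERN not in payload[:WINDOW]:
            verdicts.append("FALLTHROUGH")
            continue
        tokens, last = buckets.get((src, dport), (CAPACITY, ts))
        tokens = min(CAPACITY, tokens + (ts - last) * RATE_PER_MS)
        if tokens >= COST:
            tokens -= COST
            verdicts.append("ACCEPT")
        else:
            verdicts.append("FALLTHROUGH")
        buckets[(src, dport)] = (tokens, ts)
    return verdicts


def accepted_per_source(packets):
    """Count the packets each source IP gets through the rule."""
    counts = defaultdict(int)
    for (_, src, _, _), verdict in zip(packets, simulate(packets)):
        if verdict == "ACCEPT":
            counts[src] += 1
    return dict(counts)


# Constructed traffic: one source sending 100 REGISTERs within a second,
# and one phone registering every 500 ms.
REG = b"REGISTER sip:pbx.example.invalid SIP/2.0\r\n"
FLOOD = [(i * 10, "198.51.100.7", 5060, REG) for i in range(100)]
PHONE = [(i * 500, "192.0.2.10", 5060, REG) for i in range(4)]
SAMPLE = sorted(FLOOD + PHONE)
```
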