Nice!! Welcome me to the SIP Vicious too :-(.My CDR record is full of "Failed" trials to international numbers .. Any help on how to install/configure the SIPX, Country Block Option in pfSense? The gz link doesn't seem to work. Cheers Saad From: [email protected] [mailto:[email protected]] On Behalf Of Robert B Sent: Sunday, February 05, 2012 8:42 AM To: [email protected] Subject: Re: [sipx-users] Sip Vicious and Remote Workers Keith,
These other solutions that are being recommended are great, but I actually found a very simple way that works "well enough" for me *so far*... Change your iptable rule that allows port 5060 to something like the following: -A INPUT -p tcp -m tcp -m string -m hashlimit --dport 5060 -j ACCEPT --string "REGISTER sip:" --algo bm --to 65 --hashlimit 5/second --hashlimit-burst 10 --hashlimit-mode srcip,dstport --hashlimit-name sip_r_limit It adds a simple rate limiter using source IP and destination port hash so that no single IP can send more than five REGISTER commands per second. This is not the be-all-end-all solution. However, in lieu of taking the time to setup fail2ban, this should do the trick. -- Robert On 2/4/2012 5:47 PM, Keith Laidlaw wrote: I have a working, stable sipX system (4.4.0 from ISO) with various same-subnet phones and sipxbridge to an ITSP (Voip.ms). The entire system is behind a port restricted NAT. All is well. Recently I tried to add remote workers to the mix, very carefully. The first - and only - thing I did was port forward 5060 TCP/UDP and 30000-31000 UDP. When I did this I experienced what I suspect is the sipvicious problem described elsewhere in this list. Every 24 hours or so, sipxproxy and sipxregistrar prevent phones from registering and the only cure is to restart those two. My questions: 1) What is the best way to confirm that my problem is due to sipvicious. 2) Is the detailed reason that sipvicious causes an irrecoverable lockup well known? 3) Does 4.6 handle this situation better and make it into a (self) recoverable situation? 4) Does 4.6 offer sipvicious protection to minimise this from happening in the first place? 5) In the meantime, is pfsense my best option to block sipvicious (and also change me to symmetric)? 6) Is there an ISO for pfsense that is appropriate for sipx? Or an ISO with instructions for configuring for sipx? Any help would be appreciated. Keith
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
