So, 4.6 will have a great rate limiter, but temporarily add limiting by pfsense or Robert's iptables rule method. What does fail2ban add to this?

Also, does the DoS attack crash the two services, or is it a design decision to shut them down when an attack is detected? If the first, has the crash been fixed for 4.6, or does 4.6 only address prevention (by the limiter)? Finally, is there a great howto for configuring pfsense 2.0 for sipX (including SIP rate limiters, country block etc.)?

Keith

From: [email protected] [mailto:[email protected]] On Behalf Of S.K.- G
Sent: Sunday, February 05, 2012 10:44 AM
To: 'Discussion list for users of sipXecs software'
Subject: Re: [sipx-users] Sip Vicious and Remote Workers

OK, I think I will try to integrate fail2ban with SIPX. Any "how to" recommendations?
http://sourceforge.net/projects/fail2ban/files/

From: [email protected] [mailto:[email protected]] On Behalf Of Michael Picher
Sent: Sunday, February 05, 2012 9:13 AM
To: Discussion list for users of sipXecs software
Subject: Re: [sipx-users] Sip Vicious and Remote Workers

It's called pfblocker... add the package in the first menu on the left...

On Sun, Feb 5, 2012 at 8:55 AM, S.K.- G <[email protected]> wrote:

Nice!! Welcome me to the SIP Vicious too. My CDR record is full of "Failed" trials to international numbers. Any help on how to install/configure the SIPX Country Block Option in pfSense? The gz link doesn't seem to work.

Cheers
Saad

From: [email protected] [mailto:[email protected]] On Behalf Of Robert B
Sent: Sunday, February 05, 2012 8:42 AM
To: [email protected]
Subject: Re: [sipx-users] Sip Vicious and Remote Workers

Keith,

These other solutions that are being recommended are great, but I actually found a very simple way that works "well enough" for me *so far*...

Change your iptables rule that allows port 5060 to something like the following:

    # Same rule as an iptables command (the original was given in
    # iptables-save form). Each match's options follow its own -m.
    # Packets over the limit do not match and fall through to later rules.
    iptables -A INPUT -p tcp -m tcp --dport 5060 \
        -m string --string "REGISTER sip:" --algo bm --to 65 \
        -m hashlimit --hashlimit 5/second --hashlimit-burst 10 \
            --hashlimit-mode srcip,dstport --hashlimit-name sip_r_limit \
        -j ACCEPT

It adds a simple rate limiter using a source IP and destination port hash so that no single IP can send more than five REGISTER commands per second. This is not the be-all-end-all solution. However, in lieu of taking the time to set up fail2ban, this should do the trick.

-- Robert

On 2/4/2012 5:47 PM, Keith Laidlaw wrote:

I have a working, stable sipX system (4.4.0 from ISO) with various same-subnet phones and sipxbridge to an ITSP (Voip.ms). The entire system is behind a port restricted NAT. All is well.

Recently I tried to add remote workers to the mix, very carefully. The first - and only - thing I did was port forward 5060 TCP/UDP and 30000-31000 UDP. When I did this I experienced what I suspect is the sipvicious problem described elsewhere in this list. Every 24 hours or so, sipxproxy and sipxregistrar prevent phones from registering and the only cure is to restart those two.

My questions:

1) What is the best way to confirm that my problem is due to sipvicious?
2) Is the detailed reason that sipvicious causes an irrecoverable lockup well known?
3) Does 4.6 handle this situation better and make it into a (self) recoverable situation?
4) Does 4.6 offer sipvicious protection to minimise this from happening in the first place?
5) In the meantime, is pfsense my best option to block sipvicious (and also change me to symmetric)?
6) Is there an ISO for pfsense that is appropriate for sipx? Or an ISO with instructions for configuring for sipx?

Any help would be appreciated.

Keith

_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/

--
Michael Picher, Director of Technical Services
eZuce, Inc.
300 Brickstone Square Suite 201
Andover, MA. 01810
O.978-296-1005 X2015
M.207-956-0262
@mpicher <http://twitter.com/mpicher>
www.ezuce.com
----------------------------------------------------------------------------
Hope to see you at the sipX CoLab! http://www.sipfoundry.org/sipx-colab
A gathering for - open source users, eZuce customers & eZuce partners
Get the inside track on 4.6 and a glimpse at the future of sipXecs!
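To make the semantics of Robert's hashlimit rule concrete, here is an added Python model (not code from the thread or from sipX) of the three matches in that rule: it treats the per-(source IP, destination port) hashlimit as a token bucket that starts full at the burst size and refills at the configured rate, and runs it over constructed sample traffic; the kernel's xt_hashlimit credit arithmetic differs in detail, so this is an illustration rather than an exact emulation.

```python
# Added example: token-bucket model of the REGISTER rate-limit rule
# (--hashlimit 5/second, --hashlimit-burst 10, --hashlimit-mode srcip,dstport,
# -m string "REGISTER sip:" --to 65). Approximate model, not xt_hashlimit itself.
from typing import NamedTuple, Optional

RATE = 5.0                   # --hashlimit 5/second
BURST = 10                   # --hashlimit-burst 10
PATTERN = b"REGISTER sip:"   # --string "REGISTER sip:"
TO = 65                      # --to 65: pattern must lie within the first 65 bytes
DPORT = 5060                 # --dport 5060

class Packet(NamedTuple):
    src: str
    dport: int
    t: float                 # arrival time in seconds
    payload: bytes

class HashLimit:
    """One bucket per (srcip, dstport), i.e. --hashlimit-mode srcip,dstport."""
    def __init__(self, rate: float = RATE, burst: int = BURST) -> None:
        self.rate, self.burst, self.buckets = rate, burst, {}

    def take(self, key, now: float) -> bool:
        tokens, last = self.buckets.get(key, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)  # refill
        ok = tokens >= 1.0
        self.buckets[key] = (tokens - 1.0 if ok else tokens, now)
        return ok

def evaluate(limiter: HashLimit, pkt: Packet) -> Optional[str]:
    """'ACCEPT' when the whole rule matches; None means the packet does not
    match and falls through to the rules after it (e.g. the chain policy)."""
    if pkt.dport != DPORT:                               # -m tcp --dport 5060
        return None
    if pkt.payload.find(PATTERN, 0, TO) < 0:             # -m string --to 65
        return None
    if not limiter.take((pkt.src, pkt.dport), pkt.t):    # -m hashlimit
        return None
    return "ACCEPT"

# Constructed sample traffic: one source fires 15 REGISTERs at t=0, then 6
# more one second later; another source sends a single OPTIONS.
REGISTER = b"REGISTER sip:pbx.example.net SIP/2.0\r\n"
OPTIONS = b"OPTIONS sip:pbx.example.net SIP/2.0\r\n"
SAMPLE = ([Packet("198.51.100.7", 5060, 0.0, REGISTER)] * 15
          + [Packet("198.51.100.7", 5060, 1.0, REGISTER)] * 6
          + [Packet("203.0.113.4", 5060, 0.0, OPTIONS)])
```

Running `evaluate` over `SAMPLE` shows the first 10 REGISTERs accepted, the next 5 falling through, 5 of the 6 later ones accepted once a second's worth of credit has refilled, and the OPTIONS packet neither matching nor spending credit. Note that the rule as posted carries `-p tcp`, so it governs only TCP; REGISTERs arriving on UDP 5060, which Keith also forwards, are not covered by it.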
