The registrations could be because of bogus registration attempts. BUT if these are call attempts (not registrations) against the proxy, they will effectively use resources if the attempts are consistent enough in volume to effectively eat the resources away until the registrar can't process registrations.
1. look at your CDR's for the day of and day before to see if there are bogus call attempt. 2. Inspect your logs (sipXproxy.log and sipregistrar.log) 3. Consider some measures by means of firewall rules to rate limit your connections per second, etc. 4. Steve's script might help IF the attempts are to register, but if it is simply probing your server to send calls through it without registering, it will not help. On Mon, Sep 17, 2012 at 4:06 PM, Steve Beaudry <[email protected]>wrote: > Hi Laurie, > > I have to agree with Tony here. I've had exactly the same issue you > describe at two different installations, and in every case it turned out to > be sip packets from the Internet, making connections to the SipXecs server, > and running it out of resources. I can't say if the packets were an > intentional DOS, or just an unintended side effect of random probing. > Nonetheless, the effect was the same. > > In all cases, blocking port 5060 from the public network was an > immediate and effective solution. > > If blocking port 5060 outright is not an option, because you need to > allow outside SIP connections, I have developed a script that might help. > The script monitors the log file of successful logins to the web > interface, and manages iptables firewall rules on the SipX host itself, to > only allow connections from IP addresses that have successfully > authenticated. We simply tell users that if they wish to connect remotely, > they first need to login to their voice mailbox from whatever IP address > they wish to connect from. This works equally well for home users with a > laptop and SIP phone behind a NAT gateway, and from mobile clients like > Bria on the iPhone. > > I'm perfectly willing to share the script, with two forewarnings.. > > 1) I'd consider it a 'proof of concept', which should be modified for > your own environment. It works in the two installations that I've set it > up in. > > 2) It has no provisions for a high-availability setup. It wouldn't > be too hard to setup, but I haven't done so. > > I'd considered shooting the script back to the community in the last, > but putting other fires out has prevented me from taking the time to > document it as much as I think it should be if anyone were planning to > use/include it. > > If you'd like to see a copy of it, lemme know, and I can send it your > way. > > Cheers, > > ...Steve... > > *Stephen Beaudry**,* Manager**** > > Server, Network and Telecom Infrastructures *Royal Roads University***** > > *T* 250.391.2600 ext. 4149**** > > 2005 Sooke Road, Victoria, BC Canada V9B 5Y2 *royalroads.ca***** > > **** > > *LIFE.**CHANGING* > > > On 2012-09-17, at 6:48 AM, "Tony Graziano" <[email protected]> > wrote: > > Sounds like you are being bothered from the outside. > > /var/log/sipxpbx > > Is where logs are. > > -- > ~~~~~~~~~~~~~~~~~~ > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: [email protected] > Fax: 434.465.6833 > ~~~~~~~~~~~~~~~~~~ > Linked-In Profile: > http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 > Ask about our Internet Fax services! > ~~~~~~~~~~~~~~~~~~ > > Using or developing for sipXecs from SIPFoundry? Ask me about sipX-CoLab > 2013! > On Sep 17, 2012 9:23 AM, "IT Manager" <[email protected]> wrote: > >> Where would I find the proxy and registrar logs – I can’t find them in >> the web interface?**** >> >> And now you mention it – I do occasionally get lots of emails about there >> not being enough ports or something for media. Hopefully, disabling the >> internet connection will stop any trouble.**** >> >> So now – should I run the yum update to update everything?**** >> >> Laurie**** >> >> ** ** >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Tony Graziano >> *Sent:* 17 September 2012 12:10 >> *To:* Discussion list for users of sipXecs software >> *Subject:* Re: [sipx-users] Registrations dropping**** >> >> ** ** >> >> Check the proxy and registrar logs. Also check CPU and ram/swap. The logs >> may show a lot of call or registration attempts. If the phone are not >> registering via the internet close off port 5060.**** >> >> -- >> ~~~~~~~~~~~~~~~~~~ >> Tony Graziano, Manager >> Telephone: 434.984.8430 >> sip: [email protected] >> Fax: 434.465.6833 >> ~~~~~~~~~~~~~~~~~~ >> Linked-In Profile: >> http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 >> Ask about our Internet Fax services! >> ~~~~~~~~~~~~~~~~~~**** >> >> Using or developing for sipXecs from SIPFoundry? Ask me about sipX-CoLab >> 2013!**** >> >> On Sep 17, 2012 2:41 AM, "IT Manager" <[email protected]> wrote:* >> *** >> >> Dear all,**** >> >> I think I have emailed on this before, but I am still struggling with it: >> **** >> >> Regularly (read – most mornings) – I will come into the office and all my >> phones have lost their registrations with the server – going to the >> server’s page and restarting all the services (which incidentally all claim >> to be running) fixes the problem and the registrations are ok (until the >> next time).**** >> >> Here is my configuration setup:**** >> >> · SipXecs 4.4.0 (no yum updates as this seemed to make it lose >> registrations much more frequently)**** >> >> · Running as VM (still testing…L) on ESXi free – the host is not >> particularly busy (especially overnight which is when it has it’s issues) >> **** >> >> · Grandstream phones GXP2000 (yes- I know they are crap >> phones…so don’t berate me on them – but they do work fine when they are >> allowed to register)**** >> >> · Firewall 5060 opened to the internet along with the other >> higher ports – could it be falling over due to hacking?**** >> >> **** >> >> Can anyone help? I cannot install this company wide if it is going to be >> doing this and I know that it works reliably elsewhere in the world…**** >> >> **** >> >> Thanks,**** >> >> Laurie**** >> >> **** >> >> *<image001.png>***** >> >> Laurie Nason**** >> >> IT Manager**** >> >> Mission Aviation Fellowship - Uganda **** >> >> T +256 41 4267462 F +256 41 4267433**** >> >> PO Box 1, Kampala, Uganda**** >> >> **** >> >> Mission Aviation Fellowship International. A company Limited by >> guarantee, registered in England & Wales**** >> >> Registered Charity Number: 1058226. Registered Company Number: 3144199. >> **** >> >> Registered Office: Operations Centre, Henwood, Ashford, Kent TN24 8DH**** >> >> <image002.png>*www.maf-uganda.org***** >> >> **** >> >> >> _______________________________________________ >> sipx-users mailing list >> [email protected] >> List Archive: http://list.sipfoundry.org/archive/sipx-users/**** >> >> ** ** >> >> LAN/Telephony/Security and Control Systems Helpdesk:**** >> >> Telephone: 434.984.8426**** >> >> sip: [email protected]**** >> >> ** ** >> >> Helpdesk Customers: http://myhelp.myitdepartment.net**** >> >> Blog: http://blog.myitdepartment.net**** >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and >> is >> believed to be clean. **** >> >> _______________________________________________ >> sipx-users mailing list >> [email protected] >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: [email protected].**net<[email protected]> > > Helpdesk Customers: > http://myhelp.myitdepartment.**net<http://myhelp.myitdepartment.net> > Blog: http://blog.myitdepartment.net > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- ~~~~~~~~~~~~~~~~~~ Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.465.6833 ~~~~~~~~~~~~~~~~~~ Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 Ask about our Internet Fax services! ~~~~~~~~~~~~~~~~~~ Using or developing for sipXecs from SIPFoundry? Ask me about sipX-CoLab 2013! <http://sipxcolab2013.eventbrite.com/?discount=tony2013> -- LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Customers: http://myhelp.myitdepartment.net Blog: http://blog.myitdepartment.net
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
