asterisk users - Nov 2010 - Asterisk runs at 100% CPU

Dear asterisk users,

A few weeks ago I've been attacked by a DOS on REGISTER that I've
solved with a fail2ban script.
Now, since a few hours, I have my asterisk 1.4.21.2 running at 100% CPU again.

I've checked the log and it shows nothing related to failed register
or whatever. It just tells me that some of my peers are lagged, even
with a verbosity of 10000

I've made a "SIP SHOW CHANNELS" and I've a very strange thing,
I got
between 4000 and 5000 active channels from peer 127.0.0.1. I have no
sip phone on localhost. Here is an excerpt of my command

Peer             User/ANR    Call ID      Seq (Tx/Rx)  Format
 Hold     Last Message
127.0.0.1        (None)      385677377    00101/00001  0x0 (nothing)
 No       Rx: REGISTER
127.0.0.1        (None)      1623666249   00101/00001  0x0 (nothing)
 No       Rx: REGISTER
127.0.0.1        (None)      1478349241   00101/00001  0x0 (nothing)
 No       Rx: REGISTER
127.0.0.1        (None)      1830524844   00101/00001  0x0 (nothing)
 No       Rx: REGISTER
127.0.0.1        (None)      1688182896   00101/00001  0x0 (nothing)
 No       Rx: REGISTER
127.0.0.1        (None)      1391124899   00101/00001  0x0 (nothing)
 No       Rx: REGISTER
127.0.0.1        (None)      2692644729   00101/00001  0x0 (nothing)
 No       Rx: REGISTER
127.0.0.1        (None)      2043438815   00101/00001  0x0 (nothing)
 No       Rx: REGISTER
127.0.0.1        (None)      3226298375   00101/00001  0x0 (nothing)
 No       Rx: REGISTER
127.0.0.1        (None)      170429466    00101/00001  0x0 (nothing)
 No       Rx: REGISTER

It is not a configuration issue causing loops because my config has
not changed since months.

Any help is appreciated

Best regards,
Patrick

I also forgot to add that my bandwidth is highly used (mostly out
traffic) since I've detected the "attack"



On Wed, Nov 17, 2010 at 06:46, Patrick <asterisk-users at ict-synergy.be>
wrote:
> Dear asterisk users,
>
> A few weeks ago I've been attacked by a DOS on REGISTER that I've
> solved with a fail2ban script.
> Now, since a few hours, I have my asterisk 1.4.21.2 running at 100% CPU
again.
>
> I've checked the log and it shows nothing related to failed register
> or whatever. It just tells me that some of my peers are lagged, even
> with a verbosity of 10000
>
> I've made a "SIP SHOW CHANNELS" and I've a very strange
thing, I got
> between 4000 and 5000 active channels from peer 127.0.0.1. I have no
> sip phone on localhost. Here is an excerpt of my command
>
> Peer ? ? ? ? ? ? User/ANR ? ?Call ID ? ? ?Seq (Tx/Rx) ?Format
> ?Hold ? ? Last Message
> 127.0.0.1 ? ? ? ?(None) ? ? ?385677377 ? ?00101/00001 ?0x0 (nothing)
> ?No ? ? ? Rx: REGISTER
> 127.0.0.1 ? ? ? ?(None) ? ? ?1623666249 ? 00101/00001 ?0x0 (nothing)
> ?No ? ? ? Rx: REGISTER
> 127.0.0.1 ? ? ? ?(None) ? ? ?1478349241 ? 00101/00001 ?0x0 (nothing)
> ?No ? ? ? Rx: REGISTER
> 127.0.0.1 ? ? ? ?(None) ? ? ?1830524844 ? 00101/00001 ?0x0 (nothing)
> ?No ? ? ? Rx: REGISTER
> 127.0.0.1 ? ? ? ?(None) ? ? ?1688182896 ? 00101/00001 ?0x0 (nothing)
> ?No ? ? ? Rx: REGISTER
> 127.0.0.1 ? ? ? ?(None) ? ? ?1391124899 ? 00101/00001 ?0x0 (nothing)
> ?No ? ? ? Rx: REGISTER
> 127.0.0.1 ? ? ? ?(None) ? ? ?2692644729 ? 00101/00001 ?0x0 (nothing)
> ?No ? ? ? Rx: REGISTER
> 127.0.0.1 ? ? ? ?(None) ? ? ?2043438815 ? 00101/00001 ?0x0 (nothing)
> ?No ? ? ? Rx: REGISTER
> 127.0.0.1 ? ? ? ?(None) ? ? ?3226298375 ? 00101/00001 ?0x0 (nothing)
> ?No ? ? ? Rx: REGISTER
> 127.0.0.1 ? ? ? ?(None) ? ? ?170429466 ? ?00101/00001 ?0x0 (nothing)
> ?No ? ? ? Rx: REGISTER
>
> It is not a configuration issue causing loops because my config has
> not changed since months.
>
> Any help is appreciated
>
> Best regards,
> Patrick
>