Hi, I currently have a dedicated server with a hosting provider for my voip and the provider is currently experiencing a DOS attack. I have been looking at purchasing a number of servers and creating my own VOIP setup with redundancy built in. However, how I can design the system to ensure services remain online in the event a DOS attack is launched? I use Polycom phones which can connect to two sip servers, so would I simply have to take down the affected SIP server so that all calls are routed through the backup server? Or is there a better way of doing things? Many thanks Dan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100305/920af0c3/attachment.htm
On Friday 05 March 2010 10:17:27 Dan Journo wrote:> I currently have a dedicated server with a hosting provider for my voip and > the provider is currently experiencing a DOS attack. I have been looking at > purchasing a number of servers and creating my own VOIP setup with > redundancy built in. > > However, how I can design the system to ensure services remain online in > the event a DOS attack is launched? > > I use Polycom phones which can connect to two sip servers, so would I > simply have to take down the affected SIP server so that all calls are > routed through the backup server? Or is there a better way of doing things?Best possible method would be to distribute your servers across many different networks, such that a DOS against all of your servers is effectively a DOS on the entire Internet. Then it becomes an issue for your upstream provider(s). Your upstream provider(s) would need to be involved in mitigating a DOS attack, anyway. -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com & www.asterisk.org
That solution works fine for the polycom phones because you can set two sip servers. However, what can I do for the incoming SIP calls from our voip provider? We can only set one destination address for the calls. Eg. user at sipserver1.ourcompany.com Many thanks Dan -----Original Message----- From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Tilghman Lesher Sent: 05 March 2010 16:46 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Denial of Service Attack On Friday 05 March 2010 10:17:27 Dan Journo wrote:> I currently have a dedicated server with a hosting provider for my voip and > the provider is currently experiencing a DOS attack. I have been looking at > purchasing a number of servers and creating my own VOIP setup with > redundancy built in. > > However, how I can design the system to ensure services remain online in > the event a DOS attack is launched? > > I use Polycom phones which can connect to two sip servers, so would I > simply have to take down the affected SIP server so that all calls are > routed through the backup server? Or is there a better way of doing things?Best possible method would be to distribute your servers across many different networks, such that a DOS against all of your servers is effectively a DOS on the entire Internet. Then it becomes an issue for your upstream provider(s). Your upstream provider(s) would need to be involved in mitigating a DOS attack, anyway. -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com & www.asterisk.org -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Hi, If I set up two servers for load balancing and redundancy, how do I program the dial plan for internal calls? Bearing in mind that some internal users will be registered to server A, and some registered to server B? Many thanks Dan -----Original Message----- From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Dan Journo Sent: 06 March 2010 20:16 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Denial of Service Attack That solution works fine for the polycom phones because you can set two sip servers. However, what can I do for the incoming SIP calls from our voip provider? We can only set one destination address for the calls. Eg. user at sipserver1.ourcompany.com Many thanks Dan -----Original Message----- From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Tilghman Lesher Sent: 05 March 2010 16:46 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Denial of Service Attack On Friday 05 March 2010 10:17:27 Dan Journo wrote:> I currently have a dedicated server with a hosting provider for my voip and > the provider is currently experiencing a DOS attack. I have been looking at > purchasing a number of servers and creating my own VOIP setup with > redundancy built in. > > However, how I can design the system to ensure services remain online in > the event a DOS attack is launched? > > I use Polycom phones which can connect to two sip servers, so would I > simply have to take down the affected SIP server so that all calls are > routed through the backup server? Or is there a better way of doing things?Best possible method would be to distribute your servers across many different networks, such that a DOS against all of your servers is effectively a DOS on the entire Internet. Then it becomes an issue for your upstream provider(s). Your upstream provider(s) would need to be involved in mitigating a DOS attack, anyway. -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com & www.asterisk.org -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users