Is there a way to disable all SIP registration and block any requests? The reason I'm asking is this particular Asterisk server will just be originating calls. I've noticed sip attacks where the attacker attempts to register a user 100x per second causing CPU to rise significantly. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110527/d93e809e/attachment.htm>
Block inbound udp port 5060 using your firewall? Thanks, --Warren Selby, dCAP On May 27, 2011, at 10:45 AM, vip killa <vipkilla at gmail.com> wrote:> Is there a way to disable all SIP registration and block any requests? The reason I'm asking is this particular Asterisk server will just be originating calls. I've noticed sip attacks where the attacker attempts to register a user 100x per second causing CPU to rise significantly. > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
On Fri, 27 May 2011, vip killa wrote:> Is there a way to disable all SIP registration and block any requests? > The reason I'm asking is this particular Asterisk server will just be > originating calls. I've noticed sip attacks where the attacker attempts > to register a user 100x per second causing CPU to rise significantly.?Gordon Henderson posted an iptables firewall script that 'rate limited' INVITEs and REGISTERs. It should be trivial to modify that to always drop these packets. Unloading the SIP channel driver should also be effective :) -- Thanks in advance, ------------------------------------------------------------------------- Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000