On Sun, Oct 03, 2010 at 02:19:35PM -0600, Greg Saunders wrote:
> Hello all. I was recently the victim of a SIP flood attack. I'm wondering
> what is the best method to prevent such things in the future.
In sip.conf:
[general]
alwaysauthreject = yes
The attacking program is probably svwar.py (part of SIPVicious). It
will give up as soon as it realizes it can't tell the difference
between attempting to register an invalid extension and a valid one
(with an arbitrary password).
It's the default in 1.8, but the option goes back at least to 1.4.
--
Barry
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
