On Sat, Oct 30, 2010 at 07:33:23PM -0600, Joel Maslak wrote:
> The CPU usage is trivial to deny them. As is the bandwidth usage, if
> you are not sitting on a slowish broadband connection.
s/slow/assymetric/
>
> Sure blocking doesn't hurt, but does the help it provides exceed the
> downsides (effort and risk of blocking legitimate users)? I suspect it
> doesn't...if you have strong passwords. If you have weak passwords, you
> should fix that.
>
> It also seems that the only way to make blocking effective is to
> block everything by default except known endpoints. Blocking the
> door knickers doesn't protect against a bad guy finding (not through
> brute force) valid credentials.
Unless you have people on the road.
Or unless you have people who want to actually use the peer-to-peer
nature of SIP and call your SIP address.
>
> For me, monitoring outbound call volume makes a lot more sense.
> I would love to see an easy to use, out of the box method to alert
> me if more than "x" number of erlangs* are exceeded within a five
> minute, sixty minute, and one day time period. For me, I would want
> alerting on more than 10 erlangs over five minutes, 8 over an hour,
> and 2 over a day. Exceeding these would likely indicate fraud for
> my installation. Smaller sites would use smaller numbers, larger
> ones would use bigger ones.
I suspect even munin would provide you such options. Not to mention any
more capable monitor.
--
Tzafrir Cohen
icq#16849755 jabber:[email protected]
+972-50-7952406 mailto:[email protected]
http://www.xorcom.com iax:[email protected]/tzafrir
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
