Hi Mike,

In this case, if it’s coming from friendly scanner why not drop the packets at the firewall layer so that Asterisk never sees them?

Mark

> On 15 Aug 2017, at 20:37, mdiehl <[email protected]> wrote:
>
> Hi all,
>
> Lately, I've seen an increase in the number of attacks against my system from
> the so-called "Friendly Scanner." When one of these script kiddies targets
> my server, all I see for symptoms is a few of my trunks become lagged due to
> server load and a stream of messages on the console that resemble this:
>
> [Aug 2 20:27:50] == Using SIP VIDEO CoS mark 6
> [Aug 2 20:27:50] == Using SIP RTP TOS bits 24
> [Aug 2 20:27:50] == Using SIP RTP CoS mark 5
> [Aug 2 20:32:47] == Using SIP VIDEO TOS bits 24
> [Aug 2 20:32:47] == Using SIP VIDEO CoS mark 6
> [Aug 2 20:32:47] == Using SIP RTP TOS bits 24
> [Aug 2 20:32:47] == Using SIP RTP CoS mark 5
> [Aug 2 20:34:26] == Using SIP VIDEO TOS bits 24
> [Aug 2 20:34:26] == Using SIP VIDEO CoS mark 6
>
>
> I have to turn on sip debugging to find out who's hitting me. However, I
> can't just leave it on because it would kill my logging system.
>
> So, how are other people handling this? Is there an AMI event I want to watch
> for? I watch for PeerStatus, but since there's no actual peer in the attack,
> I don't seem to get an event from AMI.
>
> Any ideas?
>
> Mike Diehl.
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
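
One way to find out who is sending the probes without enabling SIP debugging, and to turn that into the firewall drops suggested above (an added example, not code from either poster or from Asterisk). It assumes the scanner announces itself with a `User-Agent: friendly-scanner` header, that packets arrive as (source IP, UDP payload) pairs from a capture on port 5060, and that IPv4 `iptables` is the firewall; the sample packets and addresses are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the scanner identifies itself in the SIP User-Agent header.
SCANNER_UA = re.compile(
    rb"^User-Agent[ \t]*:[ \t]*friendly-scanner[ \t]*\r?$", re.I | re.M)

def is_scanner(payload: bytes) -> bool:
    """True if the SIP header section carries the scanner's User-Agent."""
    headers = payload.split(b"\r\n\r\n", 1)[0]  # ignore any message body
    return SCANNER_UA.search(headers) is not None

def scanner_sources(packets, trusted=()):
    """Count scanner packets per source IP, skipping trusted peers.

    UDP source addresses can be forged, so trunk/provider addresses are
    never put on the block list, whatever the packet claims.
    """
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    hits = Counter()
    for src, payload in packets:
        addr = ipaddress.ip_address(src)  # raises ValueError on junk input
        if any(addr in net for net in trusted_nets):
            continue
        if is_scanner(payload):
            hits[str(addr)] += 1
    return hits

def drop_rules(hits, min_hits=1):
    """Render iptables commands for sources seen at least min_hits times."""
    return [f"iptables -I INPUT -s {ip} -p udp --dport 5060 -j DROP"
            for ip, n in sorted(hits.items()) if n >= min_hits]

def sample_request(method, ua):
    """Build a constructed SIP request for the sample below."""
    return (f"{method} sip:100@198.51.100.10 SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.1:5060;branch=z9hG4bK-constructed\r\n"
            f"User-Agent: {ua}\r\nContent-Length: 0\r\n\r\n").encode()

# Constructed sample: (source IP, UDP payload) pairs from a port 5060 capture.
SAMPLE = [
    ("203.0.113.7", sample_request("OPTIONS", "friendly-scanner")),
    ("203.0.113.7", sample_request("REGISTER", "friendly-scanner")),
    ("198.51.100.20", sample_request("OPTIONS", "friendly-scanner")),  # forged trunk address
    ("192.0.2.44", sample_request("REGISTER", "ExamplePhone/1.0")),    # ordinary client
]

if __name__ == "__main__":
    for rule in drop_rules(scanner_sources(SAMPLE, trusted=["198.51.100.20/32"])):
        print(rule)
```

The `trusted` list is where the trunk providers' addresses go, so a forged source address cannot get a working trunk blocked.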
