[EMAIL PROTECTED] wrote:
Hello
I would say,
First of all, for users who are authenticated, so really can make calls,
just configure asterisk to limit the number of calls users can make
concurrently
Next, put a firewall in front of your asterisk box which rate limits the
number of connection attempts per second per host.. If you limit this to
lets say about 25 to 50 connection attempts per second per host I would
say you're pretty safe and your asterisk box can't really get overloaded
with malicious packets. this burst limit depends on your config as you
might get much traffic from certain IP's ofcourse
Niels
With SIP and IAX, it's UDP (* doesn't do TCP SIP) you can spoof the
source address. An attack similar to TCP SYN attack would work. Actually
there's better attacks I can think of. Low cpu auth replys would partly
solve it with IAX, moving to TCP (even TLS) with SIP is much safer.
-Adam
_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
