PlanetMysql.ru — информация о СУБД MySQL

I recently came across a new site which offers a GUI configuration tool for FreeSWITCH. Despite buying the FreeSWITCH 1.0.6 Book which is a very good read and playing a bit with the config files I’ve not found hand editing the native xml configuration files that intuitive.  This is probably because I don’t have enough [...]
PlanetMySQL Voting: Vote UP / Vote DOWN

The rise of open source software within both public and private organizations is something well understood, and well documented - industry analysts estimate 80%+ of organizations use open source software within their IT projects.

Typical uses include web infrastructure, internal network infrastructure, IT Development & Test environments and departmental applications.

But open source solutions are not restricted purely to these (very important) "horizontal" apps.  With the wealth of open source projects out there now, it is possible to build highly specialized solutions, addressing very specific problems, that previously could only be addressed with expensive and time consuming internal custom development.

A great example is from a new case study of Telemaque, a Services Provider delivering hosted call center services to French-speaking corporate companies, including leading telecoms and cable providers.

Telemaque built their call center solution from the Kamailio open source SIP server and  FreeSWITCH media servers, with the MySQL Cluster database providing back-end services including call setup, routing tables, AAA (Authentication, Authorization and Accounting) and CDRs (Call Detail Records). 

MySQL Cluster is handling a massive 330,000 Operations per Second across just 4 x data nodes, with the real-time responsiveness AND continous, carrier-grade availability, demanded by telecoms services. 

You can read more about the Telemaque deployment in our new case study, posted here 

Telemaque didn't just build a new solution from open source software, they built a whole new business.



PlanetMySQL Voting: Vote UP / Vote DOWN

There was a lot of talk about this being the next menace after email spam. I’m not actually sure what it’s called for VoIP systems, but my Asterisk setup has started to be attacked over the last few days. Lots of entries like:

[Aug 27 19:20:30] NOTICE[18826] chan_sip.c: Registration from '"742"<sip:742@a.b.c.d>' failed for '208.109.86.187' - No matching peer found
...
[Aug 31 10:13:10] NOTICE[18826] chan_sip.c: Registration from '"1002" <sip:1002@a.b.c.d>' failed for '41.191.224.2' - Wrong password

Lots of messages get logged a second and I noticed this as suddenly CPU load on my PC jumped up quite a bit.

For the moment I’ve routed these addresses via the interface lo0 so they won’t bother me any more, but I need to come up with a better solution.

First I’m curious if applications like Asterisk or FreeSwitch have any built-in anti-abuse controls to recognise bad behaviour and to disable those abusers. I’m pretty sure that I’ve not read about anything for Asterisk, and I’m currently reading the FreeSWITCH book I bought but haven’t come across this mentioned yet.  Seems that applications like this may need to have these controls added at some time, just as sendmail, postfix and most mail servers have had to adjust to a hostile world.

The other option of course is to use a firewall or packet filter to limit the incoming traffic rate from a single IP to port 5060 or whereever the SIP connection is being accepted so that when going over the limit the ip will be blocked for some time. iptables can do this I think so I’m going to have to read about how to configure and set that up.

There are other applications designed to watch logs and use them to automatically add temporary blocks. fail2ban is one of these. I’ll also have to see if I can configure it for this task.

So if this has happened to you how do you protect your VoIP systems from that hostile world of the Internet?

PlanetMySQL Voting: Vote UP / Vote DOWN