I recently came across a new site which offers a GUI configuration tool for FreeSWITCH. Despite buying the FreeSWITCH 1.0.6 Book which is a very good read and playing a bit with the config files I’ve not found hand editing the native xml configuration files that intuitive. This is probably because I don’t have enough [...]
PlanetMySQL Voting:
Vote UP /
Vote DOWN
Archive for the ‘VoIP’ Category
BlueBox GUI for FreeSWITCH looks very promising
Ноябрь 12th, 2010Vigor2820n 3.3.4 firmware upgrade also breaks SIP registrations
Октябрь 16th, 2010A few days after writing my last post about problems after upgrading my ADSL router’s firmware I also noticed that my VoIP connections were not working properly. I have several SIP providers and after a day or so of using the new firmware the SIP registrations to my providers started failing. Initially I thought this was caused by my ISP as not all registrations seemed to be affected. I have not changed my Asterisk configuration in some time and did not associate the problem with the change in router firmware as everything else seemed to work fine.
The asterisk logging showed:
[Oct 15 02:12:04] NOTICE[3329] chan_sip.c: -- Registration for '....@xxxxxxxxxx.com' timed out, trying again (Attempt #5)
[Oct 15 02:12:24] NOTICE[3329] chan_sip.c: -- Registration for '....@xxxxxxxxxx.com' timed out, trying again (Attempt #6)
[Oct 15 02:12:44] NOTICE[3329] chan_sip.c: -- Registration for '....@xxxxxxxxxx.com' timed out, trying again (Attempt #7)
A router reboot fixes the problem but it does come back again. Rebooting a router on a daily basis is not something I really want to do or think should be necessary.
I’ve reported the problem to Draytek support so will see what they say. In the meantime I see they’ve posted a 3.3.4.1 version of the firmware so perhaps this is one of a few known problems. Let’s see if this latest version solves my problem.
PlanetMySQL Voting: Vote UP / Vote DOWN
Asterisk attack
Сентябрь 1st, 2010There was a lot of talk about this being the next menace after email spam. I’m not actually sure what it’s called for VoIP systems, but my Asterisk setup has started to be attacked over the last few days. Lots of entries like:
[Aug 27 19:20:30] NOTICE[18826] chan_sip.c: Registration from '"742"<sip:742@a.b.c.d>' failed for '208.109.86.187' - No matching peer found
...
[Aug 31 10:13:10] NOTICE[18826] chan_sip.c: Registration from '"1002" <sip:1002@a.b.c.d>' failed for '41.191.224.2' - Wrong password
Lots of messages get logged a second and I noticed this as suddenly CPU load on my PC jumped up quite a bit.
For the moment I’ve routed these addresses via the interface lo0 so they won’t bother me any more, but I need to come up with a better solution.
First I’m curious if applications like Asterisk or FreeSwitch have any built-in anti-abuse controls to recognise bad behaviour and to disable those abusers. I’m pretty sure that I’ve not read about anything for Asterisk, and I’m currently reading the FreeSWITCH book I bought but haven’t come across this mentioned yet. Seems that applications like this may need to have these controls added at some time, just as sendmail, postfix and most mail servers have had to adjust to a hostile world.
The other option of course is to use a firewall or packet filter to limit the incoming traffic rate from a single IP to port 5060 or whereever the SIP connection is being accepted so that when going over the limit the ip will be blocked for some time. iptables can do this I think so I’m going to have to read about how to configure and set that up.
There are other applications designed to watch logs and use them to automatically add temporary blocks. fail2ban is one of these. I’ll also have to see if I can configure it for this task.
So if this has happened to you how do you protect your VoIP systems from that hostile world of the Internet?
PlanetMySQL Voting: Vote UP / Vote DOWN