[Freeswitch-users] Seem to be attacked, CPU rate 95%, stop working, no log output.
Lawrence Conroy
lconroy at insensate.co.uk
Fri Jun 26 23:32:11 MSD 2015
In answer to a query on silently expiring FS from Eric Ni ...
On 26 Jun 2015, at 19:56, Oz Mortimer <omortimer at gmail.com> wrote:
> If it is a DoS attack then, as many have said, fail2ban is the way to go - though you should have that installed anyway.
> The simplest way to check if you are under attack is to install Wireshark and issue: tethereal port 5060.
Most of the attacks I see seem to do DNS queries rather than blindly pinging 5060 => assume that the irritating bots know what port you're publishing in DNS as in use by SIP.
And, of course, tethereal/tcpdump/... port <the port on which your server listens>
all the best,
Lawrence
My permanent ipfw block list is now about 200-ish IP address ranges, all gleaned from fail2ban (don't leave home without it!)
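
The DNS point in the message above, as an added example that is not part of the original post: it turns the SRV answers for a domain into a capture filter covering the ports actually published, rather than assuming 5060. The function names, `example.com` and the sample records are constructed for illustration, and the live lookup assumes `dig` is installed.

```shell
#!/bin/sh
# Constructed sample of `dig +short SRV _sip._udp.example.com` output.
# Fields: priority, weight, port, target.
SAMPLE_SRV='10 60 5060 sip1.example.com.
10 40 5080 sip2.example.com.
20 0 5060 backup.example.com.'

# Read SRV answer lines on stdin and print a tcpdump/tshark capture
# filter covering every distinct advertised port.
# Returns non-zero when no usable record was seen.
srv_to_filter() {
    awk '
        # Accept only lines with a numeric port in 1..65535.
        NF >= 4 && $3 ~ /^[0-9]+$/ && $3 >= 1 && $3 <= 65535 {
            if (!seen[$3]++) ports[++n] = $3
        }
        END {
            if (n == 0) exit 1
            for (i = 1; i <= n; i++)
                printf "%sport %s", (i > 1 ? " or " : ""), ports[i]
            printf "\n"
        }'
}

# Look up the UDP and TCP SIP SRV records for a domain (hypothetical
# helper). Falls back to the port given as $2 (default 5060) when the
# lookup returns nothing usable.
filter_for_domain() {
    domain=$1
    fallback=${2:-5060}
    out=$( { dig +short SRV "_sip._udp.$domain"
             dig +short SRV "_sip._tcp.$domain"; } 2>/dev/null \
           | srv_to_filter ) || out="port $fallback"
    printf '%s\n' "$out"
}

# Offline demonstration on the constructed records.
printf '%s\n' "$SAMPLE_SRV" | srv_to_filter

# Live use on your own domain, on the server itself:
#   tcpdump -n -i any "$(filter_for_domain example.com)"
```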