THIS : <a href="http://etel.wiki.oreilly.com/wiki/index.php/SIP_DoS/DDoS_Mitigation">http://etel.wiki.oreilly.com/wiki/index.php/SIP_DoS/DDoS_Mitigation</a><div>also works quite well for these attacks..</div><div><br></div>
<div>they wont stop the brute force ( you will need to configure fail2ban for that )</div><div>but this will setup iptables to rate limit any sip connections, so your pc wont get that loaded.</div><div><br></div><div>you can thank <span class="Apple-style-span" style="font-family: sans-serif; font-size: 13px; line-height: 19px; ">Kristian Kielhofner ( a member of the FS community ) for that neat little script :)</span></div>
<div><font class="Apple-style-span" face="sans-serif"><span class="Apple-style-span" style="line-height: 19px;"><br></span></font></div><div><font class="Apple-style-span" face="sans-serif"><span class="Apple-style-span" style="line-height: 19px;">maybe we can copy that script ( Kristian ?? ) to the Freeswitch wiki..</span></font></div>
<div><font class="Apple-style-span" face="sans-serif"><span class="Apple-style-span" style="line-height: 19px;">( with a few modifications )..</span></font></div><div><font class="Apple-style-span" face="sans-serif"><span class="Apple-style-span" style="line-height: 19px;"><br>
</span></font></div><div><font class="Apple-style-span" face="sans-serif"><span class="Apple-style-span" style="line-height: 19px;">be careful of the STOP command on that script its defective ! </span></font></div><div><font class="Apple-style-span" face="sans-serif"><span class="Apple-style-span" style="line-height: 19px;">( and will wipe all firewall rules, especially dangerous if you drop all by default )</span></font></div>
<div><font class="Apple-style-span" face="sans-serif"><span class="Apple-style-span" style="line-height: 19px;"><br></span></font></div><div><font class="Apple-style-span" face="sans-serif"><span class="Apple-style-span" style="line-height: 19px;">Jay</span></font></div>
<div><font class="Apple-style-span" face="sans-serif"><span class="Apple-style-span" style="line-height: 19px;"><br></span></font></div><div><br><div class="gmail_quote">On Mon, Aug 9, 2010 at 5:03 PM, Jan Berger <span dir="ltr"><<a href="mailto:jan.berger@video24.no">jan.berger@video24.no</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im"><br>
1) It stucks on one CPU even I have 2 core since sofia-sip is single<br>
threaded ?<br>
<br>
</div>Your FS uses a single process, and the operating systems need multiple<br>
processes to fully utilize multiple cores. It's major difference between<br>
threads and processes on this.<br>
<font color="#888888"><br>
Jan<br>
</font><div><div></div><div class="h5"><br>
<br>
_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Sincerely<br><br>Jay<br>
</div>