<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">If you have ngrep installed on CentOS 5 (you will need the epel repo)<div>yum install ngrep</div><div><br></div><div>You can view port 5060 traffic quite easily with</div><div>ngrep -W byline port 5060</div><div><br></div><div><br></div><div>Your freeswitch logs probably have hundreds/thousands of registration attempts per minute - have a look at those</div><div>These rego attempts need to be processed, so each one takes a small amount of resources.</div><div>If you have one hundred or more rego attempts per second, then you'll certainly have a problem.</div><div>Your CPU also has 512KB of cache (very fast memory) - modern Xeon's have 24x this amount, so are a little bit more resilient to a strain on resources**</div><div><br></div><div>HTH</div><div>Chris</div><div><br></div><div>**I would imagine</div><div><br><div><div>On 14/05/2012, at 8:56 PM, ghallab wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div bgcolor="#FFFFFF" text="#000000">
Thank you for your quick replay.<br>
Could you tell me please how do you come to this conclusion?<br>
and if this is a brute-force, it can make my system slow all the
time?<br>
On 05/14/2012 09:21 AM, Muhammad Shahzad wrote:
<blockquote cite="mid:CAFZQphx5-0oiu5508qUo5ZJ7ZBSN50CMFkd+zTUagx1SgTib9A@mail.gmail.com" type="cite">Seems like you system is under SIP brute-force attack.
Somebody is trying to break into your freeswitch box. Just find
that user's ip and block it in IPTables.<br>
<br>
If problem persists and hacker comes from another IP then you
probably need to configure Fail2Ban service.<br>
<br>
Thank you.<br>
<br>
<br>
<div class="gmail_quote">On Mon, May 14, 2012 at 11:51 AM, ghallab
<span dir="ltr"><<a moz-do-not-send="true" href="mailto:tarik.bts.gi@gmail.com" target="_blank">tarik.bts.gi@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi all,<br>
<blockquote> This days am experiencing a problem with
Freeswitch: it seems that it needs more hardware resources
and voicemail don't work any more and it make a long delay
to process call transfer. should I compile the last
version to revolve the problem or try to increase hardware
resources? I notice that I have anther instance of FS
running fine in the same conditions. <br>
</blockquote>
I tried to collect the maximum information that I can:<br>
OS version: CentOS release 5.4<br>
the cpu info is:<br>
<a moz-do-not-send="true" href="http://pastebin.freeswitch.org/19039" target="_blank">http://pastebin.freeswitch.org/19039</a> <br>
the mem info is:<br>
<a moz-do-not-send="true" href="http://pastebin.freeswitch.org/19040" target="_blank">http://pastebin.freeswitch.org/19040</a><br>
<br>
the out put of the command top is <br>
<a moz-do-not-send="true" href="http://pastebin.freeswitch.org/19038" target="_blank">http://pastebin.freeswitch.org/19038</a><br>
<br>
the number of calls when I made the test was:<br>
5 total.<br>
<br>
the out put of gcore and gdb:<br>
<a moz-do-not-send="true" href="http://pastebin.freeswitch.org/19041" target="_blank">http://pastebin.freeswitch.org/19041</a><br>
<br>
number of sofia's profiles:<br>
5 sofia profiles and 1 alias <br>
number of calls that I want:<br>
30 simultaneous calls <br>
<br>
I want also to notice that I get all the time some warning
messages like <br>
<br>
2012-05-11 14:36:10.716722 [WARNING] sofia_reg.c:1442 SIP
auth challenge (REGISTER) on sofia profile 'internal' for
[7351@domain] from ip @ip <br>
<br>
<br>
<br>
</div>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a moz-do-not-send="true" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true" href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a moz-do-not-send="true" href="http://www.cudatel.com/" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true" href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true" href="http://wiki.freeswitch.org/" target="_blank">http://wiki.freeswitch.org</a><br>
<a moz-do-not-send="true" href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a moz-do-not-send="true" href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
Muhammad Shahzad<br>
-----------------------------------<br>
CISCO Rich Media Communication Specialist (CRMCS)<br>
CISCO Certified Network Associate (CCNA)<br>
Cell: +92 334 422 40 88<br>
MSN: <a moz-do-not-send="true" href="mailto:shari_786pk@hotmail.com">shari_786pk@hotmail.com</a><br>
Email: <a moz-do-not-send="true" href="mailto:shaheryarkh@googlemail.com">shaheryarkh@googlemail.com</a><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com/">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a class="moz-txt-link-freetext" href="http://www.cudatel.com/">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org/">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://wiki.freeswitch.org/">http://wiki.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com/">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org/">http://www.freeswitch.org</a>
</pre>
</blockquote>
<br>
</div>
_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services:<br><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>http://www.freeswitchsolutions.com<br><br>FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>http://www.cudatel.com<br><br>Official FreeSWITCH Sites<br>http://www.freeswitch.org<br>http://wiki.freeswitch.org<br>http://www.cluecon.com<br><br>FreeSWITCH-users mailing list<br>FreeSWITCH-users@lists.freeswitch.org<br>http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br>UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br>http://www.freeswitch.org<br></blockquote></div><br></div></body></html>