<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Could be less sinister. If you are bridging calls and the remote ip stops responding, fs can get backed up with calls, show channels will take forever and even trying to tab out commands will take some time. You can confirm if this is the case by opening core.db in sqlite3 and issue a command something like "select * from channels". If it is a back log, you can delete the channels from sqlite (delete from ... Where ..), you also need to delete from calls. I'm not 100% is its safe to do so though, but it's worked for me in the past. Bridging to a gateway rather than ip will help if this is the issue.</div><div>The other thing I've seen cause what you describe is a bunged up ip tables (lots and lots of ruled from automated blocking)</div><div>Have a look at iptables -L -n (I think that's right), and if lots of old rules, try restarting iptables.</div><div>If it is a dos attack then as many have said, fail2ban is the way to go - though you should have that installed anyway.</div><div>The simplest way to check if you are under attack is to install wireshark and issue: tethereal port 5060.</div><div>Thanks</div><div>Oz</div><div><br><br></div><div><br>On 26 Jun 2015, at 18:31, Stanislav Sinyagin &lt;<a href="mailto:ssinyagin@gmail.com">ssinyagin@gmail.com</a>&gt; wrote:<br><br></div><blockquote type="cite"><div><p dir="ltr">But do you see an excessive amount of SIP messages coming to your server?</p>
<div class="gmail_quote">On Jun 26, 2015 6:22 PM, "Eric Ni" &lt;<a href="mailto:xyangni@gmail.com">xyangni@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks. I have tried this. But today it happen again. When I killed freeswith process and restart it, everything back to normal. So it does seem to be a DOS attack now. Or restarting fs won't make any difference.&nbsp;</div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jun 13, 2015 at 1:04 AM, Stanislav Sinyagin <span dir="ltr">&lt;<a href="mailto:ssinyagin@gmail.com" target="_blank">ssinyagin@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">here are iptables rules which do a simple rate limiting for SIP<br>
messages, probably this helps:<br>
<a href="https://txlab.wordpress.com/2013/06/29/protecting-a-vpbx-from-dos-attacks/" rel="noreferrer" target="_blank">https://txlab.wordpress.com/2013/06/29/protecting-a-vpbx-from-dos-attacks/</a><br>
<div><div><br>
<br>
<br>
On Sat, Jun 13, 2015 at 1:46 AM, Eric Ni &lt;<a href="mailto:xyangni@gmail.com" target="_blank">xyangni@gmail.com</a>&gt; wrote:<br>
&gt; Hi,<br>
&gt;<br>
&gt; I am using FreeSWITCH Version 1.4.18+git~20150312T185523Z~4eed221b69~64bit<br>
&gt; (git 4eed221 2015-03-12 18:55:23Z 64bit) on ubuntu 14.04, Linode VPS.<br>
&gt; It has been working fine for about 2 months. But recently it stopped working<br>
&gt; with CPU rate above 95% for several times. SIP client got 408 timeout error.<br>
&gt; I have to login system to kill the process and start over again.&nbsp; Then it<br>
&gt; back to normal for a period. Checked the log file, it seem to be a sudden<br>
&gt; stop. Nothing special before the stop and completely no log starting from<br>
&gt; the issue. May I ask how I should handle this issue? Thanks.<br>
&gt;<br>
&gt; Regards,<br>
&gt; Eric<br>
&gt;<br>
</div></div>&gt; _________________________________________________________________________<br>
&gt; Professional FreeSWITCH Consulting Services:<br>
&gt; <a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
&gt; <a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
&gt;<br>
&gt; Official FreeSWITCH Sites<br>
&gt; <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
&gt; <a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
&gt; <a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
&gt;<br>
&gt; FreeSWITCH-users mailing list<br>
&gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
&gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
&gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
&gt; <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div>
</div></blockquote><blockquote type="cite"><div><span>_________________________________________________________________________</span><br><span>Professional FreeSWITCH Consulting Services: </span><br><span><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a></span><br><span><a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a></span><br><span></span><br><span>Official FreeSWITCH Sites</span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br><span><a href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a></span><br><span><a href="http://www.cluecon.com">http://www.cluecon.com</a></span><br><span></span><br><span>FreeSWITCH-users mailing list</span><br><span><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a></span><br><span><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br><span>UNSUBSCRIBE:http://<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span></div></blockquote></body></html>