[Spce-user] Banned subscribers

Matthew Ogden matthew at tenacit.net
Fri Sep 20 14:41:15 EDT 2013 

Just check what Andreas is saying as well.

I found, if the peering between ISPs broke down, and traffic was flowing
only from the subscriber to you, then depending on the device, it would
authenticate over and over because it wasn't receiving replies from my
server. Then my server would ban it. So depending  on how many times it
will retransmit, and retry in a given period, is what you need to allow
for (bearing in mind, the more you allow for, the higher the risk of
someone brute force attacking. It would show up as a banned subscriber.

Be sure to check that it isn't a real attack like Andreas is saying. Check
that it was your own subscribers normal IP that caused the ban before
changing any settings etc.

Also check this thread between Jon and myself:
http://lists.sipwise.com/pipermail/spce-user/2013-July/004411.html as now
I recall that both the auth_ban (for DDOS) and dos attack settings for me
needed to be changed.

Regards

> -----Original Message-----
> From: Jeremie Chism [mailto:jchism2 at gmail.com]
> Sent: 20 September 2013 08:27 PM
> To: Matthew Ogden
> Subject: Re: [Spce-user] Banned subscribers
>
> What settings worked best in your situation
>
> Sent from my iPhone
>
> > On Sep 20, 2013, at 12:20 PM, Matthew Ogden <matthew at tenacit.net>
> wrote:
> >
> > Hi Jeremie,
> >
> > The DOS and DDOS security checks will cause this. (DDOS = same user,
> > from multiple IPs. DOS  = one IP, constantly hammering)
> >
> > Check in the config.yml section kamailio:   lb: security
> >
> > We found the initial settings to strict for our environment, if there
> > is some sort of connectivity peering issue, packets might not get
> > back, but the subscriber keeps trying to login to quickly for the
> > settings, so the LB banned them.
> >
> > Hope this helps.
> >
> > Regards
> >
> >
> >
> >
> >> -----Original Message-----
> >> From: spce-user-bounces at lists.sipwise.com [mailto:spce-user-
> >> bounces at lists.sipwise.com] On Behalf Of Jeremie Chism
> >> Sent: 20 September 2013 07:05 PM
> >> To: spce-user at lists.sipwise.com
> >> Subject: [Spce-user] Banned subscribers
> >>
> >> What would cause subscribers with correct information to randomly be
> >> banned. I saw 30 this morning get banned all at once. Now throughout
> >> the day I see other subs get banned. This seems to just have started
> >> in the
> > last
> >> couple days
> >>
> >> Sent from my iPhone
> >> _______________________________________________
> >> Spce-user mailing list
> >> Spce-user at lists.sipwise.com
> >> http://lists.sipwise.com/listinfo/spce-user

More information about the Spce-user mailing list