[Spce-user] Asterisk client issues

Matthew Ogden matthew at tenacit.net
Tue Jan 28 09:20:12 EST 2014 

I don't have many static IP subscribers, though in the case of this one,
it is already in dos_whitelisted_ips of config.yml, but the nonce issue
still happens to it.



> -----Original Message-----
> From: spce-user-bounces at lists.sipwise.com [mailto:spce-user-
> bounces at lists.sipwise.com] On Behalf Of Daniel Grotti
> Sent: 28 January 2014 04:17 PM
> To: spce-user at lists.sipwise.com
> Subject: Re: [Spce-user] Asterisk client issues
>
> Hi Matthew,
> what if you insert your Asterisk's IP in "dos_whitelisted_ips:" line ?
>
> Daniel
>
>
>
>
>
>
> On 01/27/2014 04:35 PM, Matthew Ogden wrote:
> > Did you guys end up making a decision on this? I still have Asterisk
> > subscribers causing auth fail with stale nonce situations.
> >
> >
> >
> >
> > On Fri, Jul 19, 2013 at 4:12 PM, Jon Bonilla <jbonilla at sipwise.com
> > <mailto:jbonilla at sipwise.com>> wrote:
> >
> >     El Fri, 19 Jul 2013 16:11:22 +0200
> >     Jon Bonilla (Manwe) <jbonilla at sipwise.com
> >     <mailto:jbonilla at sipwise.com>> escribió:
> >
> >     > El Fri, 19 Jul 2013 16:03:54 +0200
> >     > Matthew Ogden <matthew at tenacit.net
> <mailto:matthew at tenacit.net>>
> >     escribió:
> >     >
> >     > > Thanks
> >     > >
> >     > > What will happen if I disable it, and a outside IP attacks
using
> >     this
> >     > > username?
> >     > >
> >     > > Will they be caught by flooding auth packets?
> >     > >
> >     >
> >     >
> >     > The auth_ban protection check failed auth attepmts from multiple
> >     destinations
> >     > and protects against ddos attacks bypassing dos protection.
These
> >     are quite
> >     > uncommon. The dos protection bans ip addresses if they send more
> >     than x
> >     > requests per second. This is more useful and it's the most
common
> >     scenario.
> >     >
> >     > If an ip address tries to bruteforce attack your system, that ip
> >     address will
> >     > be banned.
> >     >
> >
> >
> >     Anyways, we're discussing internally if the stale_nonce situation
> >     should be
> >     excluded from the auth_check_ban protection for these situations.
We
> >     might
> >     change the ddos protection a little bit in future versions
> >
> >
> >
> >
> > _______________________________________________
> > Spce-user mailing list
> > Spce-user at lists.sipwise.com
> > http://lists.sipwise.com/listinfo/spce-user
> >
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> http://lists.sipwise.com/listinfo/spce-user

More information about the Spce-user mailing list