Over the last two weeks, we have had at least two “incidents” where our
asterisk server got flooded (a hundred or more per second) by SIP
packets. Once from 220.127.116.11, second time from 18.104.22.168. We
became aware of the problem when bandwidth started suffering because
asterisk got very busy sending back replies or rejects (dunno which, I
didn’t investigate it any further).
The immediate issues were dealt with by having the firewall drop those
packets, but I was wondering:
1) if anyone has seen the same problem, and
2) if you’ve got some iptables rules for limiting inbound SIP by rate?
(or some such).
Per Jessen, Zürich