Vaillancourt<michel@wolfstar.ca> wrote:
>
> Hello to the list. A customer of mine had a lousy time this morning
> with his IP PBX because his upstream ITSP provider was DOS'd. In
> conversation with the ITSP afterwards, I was told that because the
> customer was using IAX2, they were particularly susceptible to service
> interruptions of this kind. Essentially, IAX2 was significantly more
> fragile "in the wild" than SIP was. If my customer wanted stability and
> surety , the answer was migrate away from IAX2 to SIP.
>
> My question to the folks out here "in the wild" is if this statement
> and recommendation holds water with what you have all seen in your
> experiences. I'm looking for facts and experience as much as possible,
> so that I can make the right recommendation for my customer.
>
> Thanks in advance for the help.
>
> --Michel
>
I won't get into any of my other opinions of IAX2 here.
Yes, since it uses a single port, DoS is fairly easy by banging on it
really hard.
I am not sure that there is any mechanism such as SER round robbin to
mitigate DoS attacks for IAX2 by spreading them across boxen.
I guess if you used round robin DNS entries, that could work, but
Asterisk doesn't handle DNS failures very gracefully, that is why I
(almost) always hard code an IP.
Anyways, your provider should have something in place to recognize DoS
attacks and block them at the firewall, then it becomes a bandwidth
issue rather than an Asterisk capability issue.
--
Thanks,
Steve Totaro
+18887771888 (Toll Free)
+12409381212 (Cell)
+12024369784 (Skype)
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
Posts
No comments:
Post a Comment