Tuesday, July 7, 2009

Re: [asterisk-biz] SIP vs IAX2 ... looking for advice

On Tue, Jul 7, 2009 at 12:46 PM, Michel R
Vaillancourt<michel@wolfstar.ca> wrote:
>
>    Hello to the list.  A customer of mine had a lousy time this morning
> with his IP PBX because his upstream ITSP provider was DOS'd.  In
> conversation with the ITSP afterwards, I was told that because the
> customer was using IAX2, they were particularly susceptible to service
> interruptions of this kind.  Essentially, IAX2 was significantly more
> fragile "in the wild" than SIP was.  If my customer wanted stability and
> surety , the answer was migrate away from IAX2 to SIP.
>
>    My question to the folks out here "in the wild" is if this statement
> and recommendation holds water with what you have all seen in your
> experiences.  I'm looking for facts and experience as much as possible,
> so that I can make the right recommendation for my customer.
>
>    Thanks in advance for the help.
>
>    --Michel
>

I won't get into any of my other opinions of IAX2 here.

Yes, since it uses a single port, DoS is fairly easy by banging on it
really hard.

I am not sure that there is any mechanism such as SER round robbin to
mitigate DoS attacks for IAX2 by spreading them across boxen.

I guess if you used round robin DNS entries, that could work, but
Asterisk doesn't handle DNS failures very gracefully, that is why I
(almost) always hard code an IP.

Anyways, your provider should have something in place to recognize DoS
attacks and block them at the firewall, then it becomes a bandwidth
issue rather than an Asterisk capability issue.

--
Thanks,
Steve Totaro
+18887771888 (Toll Free)
+12409381212 (Cell)
+12024369784 (Skype)

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz

No comments: