This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange high bandwidth SIP traffic

Hi,
From about 2 weeks ago, Astaro receive strange high load SIP traffic sourced from 42.234.141.122.adsl-pool.jlccptt.net.cn as shown in the attached screen shot, and when I block this traffic using the flow control window it cause nothing, so how can I block this kind of traffic or how can I track this traffic, please note that I searched all my log files I did not find any log with the source "42.234.141.122.adsl-pool.jlccptt.net.cn". any information about how can I track this traffic and stop it.
Thanks,
Mostafa Aly

This thread was automatically locked due to age.

Parents

0 BarryG over 12 years ago

So, basically you have your VOIP server open to the internet.

You should check the logs on the VOIP server to see if it is being abused by the mentioned .jp address (or others), and see if you can better secure the server.

Meanwhile, you can create a PacketFilter rule to DROP traffic from that address.
Be sure to put it ABOVE the rules allowing incoming VOIP traffic. If you are using the 'auto packetfilter rule' on the NAT, you will need to turn that off, and add PacketFilter rules for SIP and RTP.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 12 years ago

So, basically you have your VOIP server open to the internet.

You should check the logs on the VOIP server to see if it is being abused by the mentioned .jp address (or others), and see if you can better secure the server.

Meanwhile, you can create a PacketFilter rule to DROP traffic from that address.
Be sure to put it ABOVE the rules allowing incoming VOIP traffic. If you are using the 'auto packetfilter rule' on the NAT, you will need to turn that off, and add PacketFilter rules for SIP and RTP.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data