-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is off topic, but I thought I should tell people. This past weekend, I suffered a DOS attack launched against VOIP SIP Clients. The attack came, at different times, from 3 separate IP addresses. I blocked the IP addresses using IP Tables when I discovered it. The attack was a bombardment of several hundred SIP REGISTER requests, per second, with a user agent of friendly-scanner. The attack was a sustained attack over three days. I contacted my ISP. They told me they have taken steps. I contacted 2 of the 3 owners of the offending IP addresses. The third owner of the IP address was a job site address in China, and I couldn't figure out how to contact them. In my case, I run the VOIP SIP program, twinkle. Twinkle started consuming vast amounts of memory, going from a normal 5 MiB usage to 500-600 MiB usage, before I realized what was happening. Twinkle attempted to respond to each incoming packet with an outgoing SIP error packet. I posted a message on the yahoo group used by twinkle asking what they could do to better handle such an attack. If you suddenly seem to have memory problems, I suggest running something like System Monitor to find out what applications have memory. I also be on the lookout for unexpectedly high internet traffic. This message is off-topic, because it is not specific to Fedora. I thought it wouldn't hurt to let people know of this type of attack. I hope people don't object to this off-topic post. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAky3WikACgkQyc8Kn0p/AZRr+QCgnpEL5nIS5JX+0AucTKeGyrbf ZDoAnjIFC7hVPW58sKM6tVVNSNwEN2xq =mLHd -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
