Difference between revisions of "Asterisk eats all CPU"
| Line 8: | Line 8: | ||
= DDOS attack = | = DDOS attack = | ||
Turn SIP debug by using command: | |||
sip set debug on | |||
in Asterisk CLI | |||
if you can see many similar packets flowing from same IP, it indicates DOSS attack. | |||
Source IP can be determined by string above SIP packet shown on CLI: | |||
<--- SIP read from UDP:123.123.123.123:5060 ---> | |||
Block that IP as described [[How_to_block_someone%27s_IP|here]] | |||
You can confirm that issue is caused by attack by Unloading chan_sip.so module. If it helps - proceed. | |||
Load module back. Check sip debug. If a lot of packets come from one IP - block it. | Load module back. Check sip debug. If a lot of packets come from one IP - block it. | ||
Revision as of 10:56, 25 November 2013
Network problem
Change to correct ip in /etc/asterisk/h323.conf, restart Asterisk
If does not help -> go to DDOS attack.
DDOS attack
Turn SIP debug by using command:
sip set debug on
in Asterisk CLI
if you can see many similar packets flowing from same IP, it indicates DOSS attack.
Source IP can be determined by string above SIP packet shown on CLI:
<--- SIP read from UDP:123.123.123.123:5060 --->
Block that IP as described here
You can confirm that issue is caused by attack by Unloading chan_sip.so module. If it helps - proceed.
Load module back. Check sip debug. If a lot of packets come from one IP - block it.
Check if it helps.
If nothing helps -> check Broken Code section.
Broken code
Check with: http://www.moythreads.com/wordpress/2009/05/06/why-does-asterisk-consume-100-cpu/
Investigate the module which causes it.
If not critical (like IAX2) -> unload it and check if it helps. Rinse and repeat if not.
