Difference between revisions of "Asterisk eats all CPU"

From Kolmisoft Wiki
Jump to navigationJump to search
Line 33: Line 33:


<br><br>
<br><br>
= Channels build up =
It happens in some cases when SIP dialog is not completed. For example: originator send INVITE, but does not respond after that.
Channels build up can be detected by using command:
asterisk -vrx "sip show channels"
If you see long list with same IP and same Last Message, then most likely that is the problem.
Solution is to debug and prevent such incomplete dialog.


= Broken code =
= Broken code =

Revision as of 07:31, 20 September 2017

Network problem

Change to correct ip in /etc/asterisk/h323.conf, restart Asterisk

If does not help -> go to DDOS attack.



DDOS attack

Turn SIP debug by using command:

sip set debug on

in Asterisk CLI

if you can see many similar packets flowing from same IP, it indicates DOSS attack.

Source IP can be determined by string above SIP packet shown on CLI:

<--- SIP read from UDP:123.123.123.123:5060 --->

Block that IP as described here


You can confirm that issue is caused by attack by Unloading chan_sip.so module. If it helps - proceed.

Load module back. Check sip debug. If a lot of packets come from one IP - block it.

Check if it helps.

If nothing helps -> check Broken Code section.




Channels build up

It happens in some cases when SIP dialog is not completed. For example: originator send INVITE, but does not respond after that.

Channels build up can be detected by using command:

asterisk -vrx "sip show channels"

If you see long list with same IP and same Last Message, then most likely that is the problem.

Solution is to debug and prevent such incomplete dialog.

Broken code

Check with: http://www.moythreads.com/wordpress/2009/05/06/why-does-asterisk-consume-100-cpu/

Investigate the module which causes it.

If not critical (like IAX2) -> unload it and check if it helps. Rinse and repeat if not.