Difference between revisions of "Asterisk eats all CPU"
(5 intermediate revisions by 2 users not shown) | |||
Line 2: | Line 2: | ||
Change to correct ip in /etc/asterisk/h323.conf, restart Asterisk | Change to correct ip in /etc/asterisk/h323.conf, restart Asterisk | ||
If does not help -> go to DDOS attack. | |||
<br><br> | <br><br> | ||
= DDOS attack = | = DDOS attack = | ||
Turn SIP debug by using command: | |||
Check sip debug. If a lot of packets come from one IP - block it. | sip set debug on | ||
in Asterisk CLI | |||
if you can see many similar packets flowing from same IP, it indicates DOSS attack. | |||
Source IP can be determined by string above SIP packet shown on CLI: | |||
<--- SIP read from UDP:123.123.123.123:5060 ---> | |||
Block that IP as described [[How_to_block_someone%27s_IP|here]] | |||
You can confirm that issue is caused by attack by Unloading chan_sip.so module. If it helps - proceed. | |||
Load module back. Check sip debug. If a lot of packets come from one IP - block it. | |||
Check if it helps. | Check if it helps. | ||
If nothing helps -> check Broken Code section. | |||
<br><br> | |||
= Channels build up = | |||
It happens in some cases when SIP dialog is not completed. For example: originator send INVITE, but does not respond after that. | |||
Channels build up can be detected by using command: | |||
asterisk -vrx "sip show channels" | |||
If you see long list with same IP and same Last Message, then most likely that is the problem. | |||
Solution is to debug and prevent such incomplete dialog. | |||
<br><br> | <br><br> | ||
Latest revision as of 07:31, 20 September 2017
Network problem
Change to correct ip in /etc/asterisk/h323.conf, restart Asterisk
If does not help -> go to DDOS attack.
DDOS attack
Turn SIP debug by using command:
sip set debug on
in Asterisk CLI
if you can see many similar packets flowing from same IP, it indicates DOSS attack.
Source IP can be determined by string above SIP packet shown on CLI:
<--- SIP read from UDP:123.123.123.123:5060 --->
Block that IP as described here
You can confirm that issue is caused by attack by Unloading chan_sip.so module. If it helps - proceed.
Load module back. Check sip debug. If a lot of packets come from one IP - block it.
Check if it helps.
If nothing helps -> check Broken Code section.
Channels build up
It happens in some cases when SIP dialog is not completed. For example: originator send INVITE, but does not respond after that.
Channels build up can be detected by using command:
asterisk -vrx "sip show channels"
If you see long list with same IP and same Last Message, then most likely that is the problem.
Solution is to debug and prevent such incomplete dialog.
Broken code
Check with: http://www.moythreads.com/wordpress/2009/05/06/why-does-asterisk-consume-100-cpu/
Investigate the module which causes it.
If not critical (like IAX2) -> unload it and check if it helps. Rinse and repeat if not.