Asterisk eats all CPU

From Kolmisoft Wiki
Jump to navigationJump to search

Network problem

Change to correct ip in /etc/asterisk/h323.conf, restart Asterisk

If does not help -> go to DDOS attack.



DDOS attack

Turn SIP debug by using command:

sip set debug on

in Asterisk CLI

if you can see many similar packets flowing from same IP, it indicates DOSS attack.

Source IP can be determined by string above SIP packet shown on CLI:

<--- SIP read from UDP:123.123.123.123:5060 --->

Block that IP as described here


You can confirm that issue is caused by attack by Unloading chan_sip.so module. If it helps - proceed.

Load module back. Check sip debug. If a lot of packets come from one IP - block it.

Check if it helps.

If nothing helps -> check Broken Code section.




Broken code

Check with: http://www.moythreads.com/wordpress/2009/05/06/why-does-asterisk-consume-100-cpu/

Investigate the module which causes it.

If not critical (like IAX2) -> unload it and check if it helps. Rinse and repeat if not.