Obi200 trouble w/ voip.ms since ~Oct 12

<< < (3/7) > >>

drgeoff:
http://kb.sleepyshark.com/article.php?id=6

Disable SIP ALG on Surfboard SBG6580

drgeoff:
Quote from: Mango on November 08, 2016, 07:57:29 am

He must have it in bridge mode if he's getting a 76. address.

But if in bridge mode surely it should not be feeding the OBi and another router at the same time?

Steve_M:
Confirming setup until yesterday:

SBG6580 Port 1 ==> DD WRT Router (WAN 76.x.x.x) ==> multiple LAN and WLAN devices in 192.x.x.x
SBG6580 Port 2 ==> Obi200 (WAN 76.x.x.x)

As of last night, the Obi200 is "just another device" on the LAN side of the DD WRT (192.x.x.x).

Only one long call attempt today, and it DID go beyond 15 minutes successfully.

Capturing syslog data during calls, until I catch one that drops at the magic 15 minutes.  The syslog is MUCH less spammed behind the router.  While it was still in the public space, I had 1300 log entries like this over the course of an hour:

     [Nov 07 22:54:06][76.x.x.x]<7> ++++ ph tftp request=1; /x
     ... 14 more entries just like these ..., and 1200+ more in groups of 5-15 in the hour
     [Nov 07 22:54:32][76.x.x.x]<7> ++++ ph tftp request=1; /x

I still don't see the connection between the spam and the 15 minute drops, except in a very generic "the Obi lost track of important stuff while it was dealing with spam" :)

Will test again tomorrow and report back, work permitting!

Mango:
Quote from: Steve_M on November 08, 2016, 07:24:28 pm

I still don't see the connection between the spam and the 15 minute drops, except in a very generic "the Obi lost track of important stuff while it was dealing with spam" :)

This is basically it.  VoIP.ms sends a SIP packet to your ATA every 15 minutes to be sure the ATA is still online.  As I mentioned earlier, this is called a session timer.  When your ATA is being attacked, it does not respond to VoIP.ms, so VoIP.ms thinks your ATA has fallen offline and ends the call so that your balance doesn't get used up by a call that goes on forever.

Placing your ATA behind a firewall (which you've done) is the best solution.

Mango:
I bet this is the type of attack that is occurring:

http://news.softpedia.com/news/600-000-tftp-servers-can-be-abused-for-reflection-ddos-attacks-501568.shtml
http://news.softpedia.com/news/ddos-attacks-via-tftp-protocol-become-a-reality-after-research-goes-public-504713.shtml

Your OBi200 was participating in a DDoS attack, and in the process, got DoSed itself.

Navigation

[0] Message Index

[#] Next page

[*] Previous page