Hello,
I have problems with too many branches for latest X-Lite release 1011s stamp 41150. Other phones are working properly. X-Lites are trying to subscribe each 40 seconds with different rinstance strings. Example:
mysql> select contact,last_modified from location where username='1538' order by last_modified; +-----------------------------------------------------------+---------------------+ | contact | last_modified | +-----------------------------------------------------------+---------------------+ | sip:1538@158.197.240.237:51092;rinstance=897b6ff9462755eb | 2007-06-13 14:17:41 | | sip:1538@158.197.240.237:51092;rinstance=059223be49bdc5a4 | 2007-06-13 14:18:21 | | sip:1538@158.197.240.237:51092;rinstance=e3b22d920bdd9b61 | 2007-06-13 14:19:00 | | sip:1538@158.197.240.237:51092;rinstance=163058af66fd3b21 | 2007-06-13 14:19:39 | | sip:1538@158.197.10.104:5060 | 2007-06-13 15:10:01 | +-----------------------------------------------------------+-------------------
After some time there is 30-90 subscriptions for some users (not for all users of X-lite, but only for lastest Xlite).
After some time openser is sending many SUBSCRIBE requests to these users and eats all of CPU, my calls are very slow.
I am now trying to play with "max_contacts" registrar parameter set to 5. Is it a problem of X-lite and how to prevent these DOS attacks from wrong softphones?
Thank you.
SAL
Hello Jan,
the only way to limit the number of registrations (stored ones) is indeed via "max_contacts", but in this case, the newest registration attempts will be dropped. I mean this will protect your server, but the new Xten will not register anymore.
regards, bogdan
Jan ONDREJ (SAL) wrote:
Hello,
I have problems with too many branches for latest X-Lite release 1011s stamp 41150. Other phones are working properly. X-Lites are trying to subscribe each 40 seconds with different rinstance strings. Example:
mysql> select contact,last_modified from location where username='1538' order by last_modified; +-----------------------------------------------------------+---------------------+ | contact | last_modified | +-----------------------------------------------------------+---------------------+ | sip:1538@158.197.240.237:51092;rinstance=897b6ff9462755eb | 2007-06-13 14:17:41 | | sip:1538@158.197.240.237:51092;rinstance=059223be49bdc5a4 | 2007-06-13 14:18:21 | | sip:1538@158.197.240.237:51092;rinstance=e3b22d920bdd9b61 | 2007-06-13 14:19:00 | | sip:1538@158.197.240.237:51092;rinstance=163058af66fd3b21 | 2007-06-13 14:19:39 | | sip:1538@158.197.10.104:5060 | 2007-06-13 15:10:01 | +-----------------------------------------------------------+-------------------
After some time there is 30-90 subscriptions for some users (not for all users of X-lite, but only for lastest Xlite).
After some time openser is sending many SUBSCRIBE requests to these users and eats all of CPU, my calls are very slow.
I am now trying to play with "max_contacts" registrar parameter set to 5. Is it a problem of X-lite and how to prevent these DOS attacks from wrong softphones?
Thank you.
SAL
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hi,
thank you for information. I can confirm that now. It helped me to solve this problem and this user can log in, but after some time he must wait for location expiration to log in again. He was been asked to downgrade or replace it's client.
SAL
On Tue, Jun 19, 2007 at 11:08:55AM +0300, Bogdan-Andrei Iancu wrote:
Hello Jan,
the only way to limit the number of registrations (stored ones) is indeed via "max_contacts", but in this case, the newest registration attempts will be dropped. I mean this will protect your server, but the new Xten will not register anymore.
regards, bogdan
Jan ONDREJ (SAL) wrote:
Hello,
I have problems with too many branches for latest X-Lite release 1011s stamp 41150. Other phones are working properly. X-Lites are trying to subscribe each 40 seconds with different rinstance strings. Example:
mysql> select contact,last_modified from location where username='1538' order by last_modified; +-----------------------------------------------------------+---------------------+ | contact | last_modified | +-----------------------------------------------------------+---------------------+ | sip:1538@158.197.240.237:51092;rinstance=897b6ff9462755eb | 2007-06-13 14:17:41 | | sip:1538@158.197.240.237:51092;rinstance=059223be49bdc5a4 | 2007-06-13 14:18:21 | | sip:1538@158.197.240.237:51092;rinstance=e3b22d920bdd9b61 | 2007-06-13 14:19:00 | | sip:1538@158.197.240.237:51092;rinstance=163058af66fd3b21 | 2007-06-13 14:19:39 | | sip:1538@158.197.10.104:5060 | 2007-06-13 15:10:01 | +-----------------------------------------------------------+-------------------
After some time there is 30-90 subscriptions for some users (not for all users of X-lite, but only for lastest Xlite).
After some time openser is sending many SUBSCRIBE requests to these users and eats all of CPU, my calls are very slow.
I am now trying to play with "max_contacts" registrar parameter set to 5. Is it a problem of X-lite and how to prevent these DOS attacks from wrong softphones?
Thank you.
SAL
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Jan ONDREJ (SAL) wrote:
I have problems with too many branches for latest X-Lite release 1011s stamp 41150. Other phones are working properly. X-Lites are trying to subscribe each 40 seconds with different rinstance strings. Example:
Out of curiosity, what is rinstance parameter, and what is it used for? The Internets doesn't seem to know.
Thanks, Sajith.
Sajith T S wrote:
Jan ONDREJ (SAL) wrote:
I have problems with too many branches for latest X-Lite release 1011s stamp 41150. Other phones are working properly. X-Lites are trying to subscribe each 40 seconds with different rinstance strings. Example:
Out of curiosity, what is rinstance parameter, and what is it used for? The Internets doesn't seem to know.
It is a proprietary parameter to identify which registration caused an incoming call. E.g. a SIP client registers to 2 proxies, e.g. klaus@iptel.org and klaus@fwd.pulver.com. It will use the contact header sip:user@localipaddress.
If there is an incoming request, the RURI is sip:user@localipaddress and the client can't reliable tell if this is an incoming call from iptel.org or fwd.
By adding a different instance header for each proxy it is possible to distinguish incoming calls, e.g.: Contact: sip:user@localipaddress;rinstance=1234 for iptel account Contact: sip:user@localipaddress;rinstance=5678 for fwd account
btw: snom phones use line=... and AVM Fritz use uniq=...
regards klaus
Klaus Darilion wrote:
By adding a different instance header for each proxy it is possible to distinguish incoming calls, e.g.: Contact: sip:user@localipaddress;rinstance=1234 for iptel account Contact: sip:user@localipaddress;rinstance=5678 for fwd account
This is interesting. Thank you Klaus.
Sajith.
-
Bogdan-Andrei Iancu -
Jan ONDREJ (SAL) -
Klaus Darilion -
Sajith T S