said by OZO:When I pointed that out to FS developers, I was faced back with arrogance - "it's your problem, not ours. Use system provided protection mechanisms if you need to do the job". But I think they're dead wrong. FS can easily recognize the beginning of the attack by a simple analysis of the SIP incoming traffic...
Your suggestion sounds like the approach that 3cx takes:
quote:
»www.3cx.com/blog/voip-ar ··· -attack/
3CX Premium Partner, Charles Ambrosecchia of Sigma Networks, reports that their Network Operations Center was the subject of an intense attack from an IP Address inside Germany for 17 continuous hours, with data rates peaking at over 5Mbps to a single 3CX Phone System installation.
Charles stated that 3CX Phone System performed admirably by rejecting the initial attempts at registration with incorrect forged credentials (essentially a brute force attack). Shortly thereafter, 3CX Phone System automatically classified the source of the attack as a potentially malignant entity and added it to its dynamic blacklist.
3cx is a commercial company. So they have a direct monetary incentive to solve their users' practical problems, rather than to be arrogant about it and treat it as an abstract problem.