No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU

eSpace U1960 stop handling register request from IP Phone because message overflow

Publication Date:  2015-08-10 Views:  101 Downloads:  0
Issue Description

a customer from UK, feedback one issue that their IP Phone will lost registration sometimes, and registration will restore after some seconds.

we request the U1960 logs and make an analysis. we found customer's network is not safe, and our U1960 was attacked by some device in public network, and caused our U1960 message overflow.

U1960 message overflow:(U1960 will receive 188 times register request at the worst situation)

[100][0x00000015][2015-08-03 15:19:43.62][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (178/s)
[109][0x00000015][2015-08-03 15:19:43.62][sipstktptdhalftc.c 814]Sip REGISTER Message limit flux! Drop REGISTER Message!
[100][0x00000015][2015-08-03 15:19:43.62][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (179/s)
[109][0x00000015][2015-08-03 15:19:43.62][sipstktptdhalftc.c 814]Sip REGISTER Message limit flux! Drop REGISTER Message!
[100][0x00000015][2015-08-03 15:19:43.62][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (180/s)
[109][0x00000015][2015-08-03 15:19:43.62][sipstktptdhalftc.c 814]Sip REGISTER Message limit flux! Drop REGISTER Message!
[100][0x00000015][2015-08-03 15:19:43.63][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (181/s)
[109][0x00000015][2015-08-03 15:19:43.63][sipstktptdhalftc.c 814]Sip REGISTER Message limit flux! Drop REGISTER Message!
[100][0x00000015][2015-08-03 15:19:43.63][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (182/s)
[109][0x00000015][2015-08-03 15:19:43.63][sipstktptdhalftc.c 814]Sip REGISTER Message limit flux! Drop REGISTER Message!
[100][0x00000015][2015-08-03 15:19:43.64][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (183/s)
[109][0x00000015][2015-08-03 15:19:43.64][sipstktptdhalftc.c 814]Sip REGISTER Message limit flux! Drop REGISTER Message!
[100][0x00000015][2015-08-03 15:19:43.64][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (184/s)
[109][0x00000015][2015-08-03 15:19:43.64][sipstktptdhalftc.c 814]Sip REGISTER Message limit flux! Drop REGISTER Message!
[100][0x00000015][2015-08-03 15:19:43.65][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (185/s)
[109][0x00000015][2015-08-03 15:19:43.65][sipstktptdhalftc.c 814]Sip REGISTER Message limit flux! Drop REGISTER Message!
[100][0x00000015][2015-08-03 15:19:43.65][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (186/s)
[109][0x00000015][2015-08-03 15:19:43.65][sipstktptdhalftc.c 814]Sip REGISTER Message limit flux! Drop REGISTER Message!
[100][0x00000015][2015-08-03 15:19:43.66][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (187/s)
[109][0x00000015][2015-08-03 15:19:43.66][sipstktptdhalftc.c 814]Sip REGISTER Message limit flux! Drop REGISTER Message!
[100][0x00000015][2015-08-03 15:19:43.66][sipmain.c 10397]Occur Sip REGISTER  message limit flux!! Flux (188/s)

and we found this register message come from public network, but customer's sip termianl located in subnet. so this is obvious that customer netwrok was attacked.



Solution
we feedback this analysis result to our customer. and suggest them to reinforce their network to avoid to be attacked again. 

END

Contribute Articles
Huawei Enterprise APP

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.