I have a FreePBX 22.214.171.124 (Elatix) thats worked fine for almost a year ith no issues, but lately it has started kill me bandwidth. It’s my 3 T1’s maxing them out 100%
I disconnect PBX and bandwidth goes back to normal or reboot PBX and everything works well for about an hour.
I have done all the updates and installed fail2ban, but still happening daily.
More than likely your machine has been compromised in some way.
Do you have any ports open to the Internet?
You need to provide more information. Are any channels open during these periods of high usage (use asterisk command “core show channels”)?
Don’t guess, just look at the traffic and see for yourself. You will be able to find out right away if there’s something chewing up bandwidth on your box.
There are many tools at your disposal.
‘tcpdump’ summarizes network traffic as it occurs. Use ‘man tcpdump’ to see what your options are. If you just run it as ‘tcpdump’ it will dump packet summaries of your first ethernet interface. See what scrolls by. You’ll see SIP signaling on port 5060, iax2 on 4569, RTP on high-numbered ports like 10000-20000, etc. Look for loads of traffic on well-known ports like 80, 443, 21 (http, https, ftp). Also look for irc (6667). Maybe someone hacked in and installed a bot.
‘netstat -an’ will show you established connections and ports that are listening. Scrutinize. Check all the port #s that are listening and established. Can you identify them?
‘lsof | grep IPv’ will show you what programs have sockets open. You might have to install lsof using yum if you don’t have it. Use lsof to find a culprit you have identified with tcpdump or netstat.
You say you installed fail2ban. Before you did that, were you seeing a bunch of failed SIP registrations or invites in your Asterisk logs?