I’m having an issues with my FreePBX that has been running for about a year now with no problems. I noticed the audio was choppy and when I looked at the network traffic I noticed the FreePBX box was uploading a continuous 8mb stream. When I restart the machine it stops and starts working normally but over the next hour or two the upload starts to climb again till it maxes out my upload connection. Is there anywhere in the webGUI that I can look and see what’s going on or any other suggestions?
I had the same issue here except that the traffic had exceeded 20mb/s. About 1/3 of it managed to pass through the firewall and onto the internet. It was affecting regular LAN network traffic. Extensions and sip trunks couldn’t stay registered. In looking at the firewall logs - it almost appeared as if it was a flood of time sync requests (NTP). Rebooting the box would quiet it down for a while but the traffic would again climb and within an hour it was back up past 20 mb/s again. I couldn’t figure out how to find the source and kill it so I ended up building a new box with a fresh install. No problems now. I would love to hear about what actually happened here.
Thenoize - Did you notice the OP provided the type of traffic? That was why he was able to be assisted. There is no way we can know what is going on without more info. Take a sniff of the outbound traffic and see what it is.
If you don’t know how to do it capture with tcpdump and view with Wireshark.
UDP 123 is NTP. The OP was victim to the recent NTP amplification attacks. I can’t think of an earthly reason why you would have NTP exposed to the Internet. The world has plenty of free atomic clock servers, we don’t need your .05 piezo crystal.