Coturn is being abused for an amplification attack #1927

Open
opened 2025-11-20 06:09:24 -05:00 by saavagebueno · 0 comments
Owner

Originally created by @R0CKB0TT0M on GitHub (May 30, 2025).

Just putting this here so people see it and can take action. This is not a netbird issue.
A colleague at work just told me about this, and looking at the coturn logs of my self-hosted server, I did see some suspicious IP addresses in the logs. This is an issue for the coturn people to figure out, but it's probably a good idea to disable coturn in your setup before your ISP or VPS provider bans you. As far as I know, netbird only uses coturn for fallback, so disabling it should be fine for most users.
See the link below for more information.

https://www.reddit.com/r/selfhosted/s/5hAsU6WXN6


Reference: SVI/netbird#1927