Fail2band installation http://striker24x7.blogspot.in/2011/07/fail2ban-in-asterisk.html?m=1
Iptables http://striker24x7.blogspot.in/2014/03/simple-iptables-script.html?m=1 With regards N.Prakash ------------------------------ From: Anurag Rana <anuragrana31...@gmail.com> Sent: 27-06-2014 08:22 PM To: Prakash N <prakas...@tevatel.com> Cc: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users@lists.digium.com> Subject: Re: [asterisk-users] Attack on Sip server. Both Rules* (typo in last mail) On Fri, Jun 27, 2014 at 8:19 PM, Anurag Rana <anuragrana31...@gmail.com> wrote: > I added bot rules TCP as well as UDP. Still not working. > > How changing SIP listen port will prevent it. Please explain. > > I will try fail2band. > > > On Fri, Jun 27, 2014 at 8:16 PM, Prakash N <prakas...@tevatel.com> wrote: > >> Hi, >> >> Install fail2band and change sip listen port to avoid attack >> >> With regards >> >> N.Prakash >> ------------------------------ >> From: Anurag Rana <anuragrana31...@gmail.com> >> Sent: 27-06-2014 08:07 PM >> To: Asterisk Users Mailing List - Non-Commercial Discussion >> <asterisk-users@lists.digium.com> >> Subject: [asterisk-users] Attack on Sip server. >> >> >> Hi All. >> >> Someone is attacking on my SIP server. >> There are lot of requests coming in and I am not able to stop it because >> I am unable to detect the IP address. >> I used wireshark to capture the packets. >> >> Although I am using very strong password for my SIP users but still is >> there any way to drop these packets and stop this attack. >> >> I tried dropping packet after matching some string (most of the packets >> from attacker contains string 'VaxSIPUserAgent/3.1' ) but it failed. >> Packets are still flowing in. >> >> iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" >> --algo bm -j DROP >> >> >> Its something like this >> >> Registration from '"30" <sp:30@my_public_ip:5060> failed for >> '192.168.xxx.xxx:6373' - Wrong Password >> >> and there are approx 10 request per minute of this type. >> >> Please suggest some way to stop this. >> >> >> -- >> Anurag Rana >> http://newbie42.blogspot.in/ >> On the trampoline of life's experiences, Striving towards a saintly life >> in the midst of these materialistic turbulences. >> >> >> > > > -- > Anurag Rana > http://newbie42.blogspot.in/ > On the trampoline of life's experiences, Striving towards a saintly life > in the midst of these materialistic turbulences. > > > -- Anurag Rana http://newbie42.blogspot.in/ On the trampoline of life's experiences, Striving towards a saintly life in the midst of these materialistic turbulences.
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users