If you have a small Asterisk installation install the free version of SecAst:
http://www.voip-info.org/wiki/view/SecAst+(Asterisk+Intrusion+Detection+and+Prevention) For general Asterisk security info check this out: http://www.voip-info.org/wiki/view/Asterisk+security -=Michelle=- All opinions posted are my own, and do not necessarily reflect those of my employer. As an employee of GenerationD my opions are serious biased :) ________________________________ From: asterisk-users-boun...@lists.digium.com <asterisk-users-boun...@lists.digium.com> on behalf of Anurag Rana <anuragrana31...@gmail.com> Sent: Friday, June 27, 2014 10:49 AM To: Prakash N Cc: Asterisk Users List Subject: Re: [asterisk-users] Attack on Sip server. I added bot rules TCP as well as UDP. Still not working. How changing SIP listen port will prevent it. Please explain. I will try fail2band. On Fri, Jun 27, 2014 at 8:16 PM, Prakash N <prakas...@tevatel.com<mailto:prakas...@tevatel.com>> wrote: Hi, Install fail2band and change sip listen port to avoid attack With regards N.Prakash ________________________________ From: Anurag Rana<mailto:anuragrana31...@gmail.com> Sent: ?27-?06-?2014 08:07 PM To: Asterisk Users Mailing List - Non-Commercial Discussion<mailto:asterisk-users@lists.digium.com> Subject: [asterisk-users] Attack on Sip server. Hi All. Someone is attacking on my SIP server. There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP address. I used wireshark to capture the packets. Although I am using very strong password for my SIP users but still is there any way to drop these packets and stop this attack. I tried dropping packet after matching some string (most of the packets from attacker contains string 'VaxSIPUserAgent/3.1' ) but it failed. Packets are still flowing in. iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm -j DROP ?Its something like this Registration from '"30" <sp:30@my_public_ip:5060> failed for '192.168.xxx.xxx:6373' - Wrong Password? ?and there are approx 10 request per minute of this type. Please suggest some way to stop this.? -- Anurag Rana http://newbie42.blogspot.in/ On the trampoline of life's experiences, Striving towards a saintly life in the midst of these materialistic turbulences. -- Anurag Rana http://newbie42.blogspot.in/ On the trampoline of life's experiences, Striving towards a saintly life in the midst of these materialistic turbulences.
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users