You can also take a look at SecAst (www.generationd.com). The free version 
is a drop-in replacement for fail2ban but also adds a lot more intelligence (and 
no need to update regexes etc.). There's also geographic IP fencing so you can 
block attacks by country / region / city etc., only allow access by geography, 
etc. And a whole lot more (including detection of breached but valid 
credentials to halt ongoing fraud, etc.).


-=M=-


The opinions above are my own, and don't necessarily represent those of my 
employer.  Since I'm employed by Generation D however you can bet that I have a 
serious bias :)


________________________________
From: asterisk-users-boun...@lists.digium.com 
<asterisk-users-boun...@lists.digium.com> on behalf of Eric Wieling 
<ewiel...@nyigc.com>
Sent: Thursday, September 4, 2014 11:58 AM
To: Asterisk Users List
Subject: Re: [asterisk-users] Asterisk secure fine tune - stop attack

If we don't need to allow access from outside the USA we block access from all 
non-ARIN IP addresses by using iptables.   This takes care of at least 80% of 
attacks.

I enabled guest access and pointed all guest calls to an IVR which auto 
disconnects the call after a while (2 min seems good) if there is no response.  
 That took care of most of the remaining attacks.

I'm considering enabling auto create peer and routing calls to the same IVR as 
above.

We also use fail2ban, but mostly for non-SIP attacks.

Before enabling any guest access be ABSOLUTELY SURE you know how to do it 
without causing security issues.

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Hashmat Khan
Sent: Thursday, September 04, 2014 3:45 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk secure fine tune - stop attack

Don't forget to put your "trusted IPs" into the "ignoreip" list while configuring 
fail2ban.

It's very important when a customer (maybe 100+ extns) is behind NAT and only 
presents a single public IP.

Rgds
Hash
________________________________

Date: Thu, 4 Sep 2014 08:42:11 -0700
From: motty.c...@gmail.com
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] Asterisk secure fine tune - stop attack

Hi A J,
believe me, I wish I could do as you suggested, however I have a few extensions 
outside the office with dynamic IPs, so that is not a possibility. Thanks for 
your suggestions, I will try fail2ban. I don't know how complicated it is to 
implement that on a production server.

Thanks,
-Motty

On Thu, Sep 4, 2014 at 8:19 AM, A J Stiles 
<asterisk_l...@earthshod.co.uk> wrote:
On Thursday 04 Sep 2014, motty cruz wrote:
> Hi All,
> I see this kind of attack on our Asterisk Server, do you know how to block
> that IP?
Instead of blocking unwanted IPs, you should be permitting only wanted IPs.

--
AJS

Note:  Originating address only accepts e-mail from list!  If replying off-
list, change address to asterisk1list at earthshod dot co dot uk .

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
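
The advice in the thread about listing trusted NAT addresses in fail2ban's "ignoreip" can be checked mechanically. The following is an added example, not part of the original thread: it reads a jail.local and reports trusted public IPs that a given jail could still ban. The sample config, the jail names used and the TRUSTED_SITES inventory are constructed assumptions.

```python
import configparser
import ipaddress

# Constructed sample jail.local; addresses are documentation ranges (RFC 5737).
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 198.51.100.0/24

[asterisk]
enabled = true
maxretry = 5

[sshd]
enabled = true
ignoreip = 127.0.0.1/8
"""

# Hypothetical inventory: public IP -> site description.
TRUSTED_SITES = {
    "198.51.100.20": "customer A, 120 extensions behind NAT",
    "203.0.113.7": "customer B, 40 extensions behind NAT",
}

def ignored_networks(value):
    """Parse an ignoreip value into networks; DNS host names are skipped."""
    nets = []
    for token in value.replace(",", " ").split():
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            pass  # host name entry; not resolved here, so the check runs offline
    return nets

def unprotected(jail_text, jail, trusted):
    """Return trusted IPs that the given jail could still ban."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(jail_text)
    # A jail without its own ignoreip inherits the [DEFAULT] value.
    nets = ignored_networks(cfg.get(jail, "ignoreip", fallback=""))
    return sorted(ip for ip in trusted
                  if not any(ipaddress.ip_address(ip) in n for n in nets))

if __name__ == "__main__":
    for ip in unprotected(SAMPLE_JAIL_LOCAL, "asterisk", TRUSTED_SITES):
        print(f"not in ignoreip for [asterisk]: {ip} ({TRUSTED_SITES[ip]})")
```

A jail that sets its own ignoreip replaces the [DEFAULT] list rather than extending it, which is why the constructed [sshd] jail leaves both sites unprotected.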

