On 4/9/14 4:58 pm, Eric Wieling wrote:
> If we don't need to allow access from outside the USA we block access from all
> non-ARIN IP addresses by using iptables. This takes care of at least 80% of
> attacks.

Likewise here (though RIPE rather than ARIN, since we're the other side of the pond).

You can also take it a bit further: if, for example, you know what ISP(s) your dynamic clients are using, you can limit connections to the IP ranges those ISP(s) use - look up their ranges on he.net's BGP looking glass if you need to find out what ranges they're using.

Another thing I've been playing with of late is using iptables' string matching functionality to block user agents of known attack vectors: 'sipcli', 'sipvicious', 'friendly-scanner', etc.

This seems to work remarkably well, though what impact it has on net performance under load remains to be seen.

Kind regards,

Chris
--
This email is made from 100% recycled electrons
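
The user-agent blocking described in the message above, as an added example (not the poster's own rules): a script that builds iptables string-match rules for the three user agents named there and confines the matching to SIP traffic, which keeps the performance cost mentioned in the message limited to that port. The chain name, the port 5060 and the 1500-byte search limit are assumptions.

```shell
#!/bin/sh
# Added example: build iptables rules that drop SIP packets whose payload
# contains a known scanner User-Agent. Rules are only printed (--print)
# unless the script is run with --apply as root.

# User-agent strings named in the message above.
SCANNER_UAS="sipcli sipvicious friendly-scanner"
SIP_PORT=5060        # assumption: plain-text SIP on the default port
SEARCH_TO=1500       # assumption: stop searching after this byte offset
CHAIN=SIP_UA_DROP    # hypothetical chain name

gen_rules() {
    echo "iptables -N $CHAIN"
    for ua in $SCANNER_UAS; do
        # The rules may be piped to sh, so refuse anything but plain tokens.
        case "$ua" in
            ""|*[!A-Za-z0-9._-]*)
                echo "skipping unsafe pattern: $ua" >&2
                continue ;;
        esac
        # --icase matches regardless of capitalisation; --to bounds the search.
        echo "iptables -A $CHAIN -m string --algo bm --icase" \
             "--to $SEARCH_TO --string \"$ua\" -j DROP"
    done
    # Only SIP traffic is sent to the chain, so no other packet is searched.
    for proto in udp tcp; do
        echo "iptables -I INPUT -p $proto --dport $SIP_PORT -j $CHAIN"
    done
}

case "${1:-}" in
    --print) gen_rules ;;
    --apply) gen_rules | sh -e ;;
esac
```

The User-Agent header is chosen by the client, so these rules only filter scanners that announce themselves. String matching also cannot see inside SIP carried over TLS.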
