Exactly.
If one's external access control is set correctly, you should basically
never see any outside attack traffic at your Asterisk box (you'd see it in
the firewall logs instead).
Following the concept of "least privileges" is where you should start if
you have Asterisk attached to a
Hi David, Tim,
Try to use Fail2Ban as a last resort. Fail2Ban is a reactive approach that
permits the traffic AND ONLY BLOCKS it after a certain level is triggered.
Use iptables to block the unused services facing public networks like the
Internet. And configure these services properly, so they listen
Is that IP in your network or outside (I can ping it so I'm guessing it's
outside your network)? Do you have a firewall between your asterisk box
and the internet? Is there a WHITELIST of IP addresses that only allow
your provider's limited IP pool to connect to your asterisk box from
outside?
Hi, Jerry,
I don't know what OS you have on the server, but you can check the man
page (https://linux.die.net/man/8/in.tftpd) for tftpd and use the
--address option, so you can tell tftp on which interface/port the service
listens for requests.
From the IP in your logs (69.64.57.18) the request
This is old news. They use Shodan and then try to connect. Set up Fail2Ban
so that after 10 404's it bans the IP.
On Fri, Apr 21, 2017 at 12:27 PM, Jerry Geis wrote:
> I "just" happened to look at /var/log/messages...
>
> I saw:
> Apr 21 12:18:40 in.tftpd[22719]: RRQ
ttempt sequential config file read looking for
valid files.
I "just" happened to look at /var/log/messages...
I saw:
Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename 0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22719]: Client 69.64.57.18 File not found
0004f2034f6b.cfg
Apr 21 1
I "just" happened to look at /var/log/messages...
I saw:
Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename
0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22719]: Client 69.64.57.18 File not found
0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22720]: RRQ from 69.64.57.18 filename