On Fri, 2014-06-27 at 22:24 +0530, Anurag Rana wrote:
iptables -I INPUT 1 -p tcp --dport 5060 -m string
--string VaxSIPUserAgent --algo bm -j DROP
You make a fundamental mistake here.
anuragrana31...@gmail.com
Sent: Friday, June 27, 2014 10:49 AM
To: Prakash N
Cc: Asterisk Users List
Subject: Re: [asterisk-users] Attack on Sip server.
I added bot rules TCP as well as UDP. Still not working.
How changing SIP listen port will prevent it. Please explain.
I will try fail2band.
On Fri
iptables -I INPUT 1 -p tcp --dport 5060 -m string --string VaxSIPUserAgent
--algo bm -j DROP
Its something like this
Registration from '30 sp:30@my_public_ip:5060 failed for
'192.168.xxx.xxx:6373' - Wrong Password
and there are approx 10 request per minute of this type.
Please suggest
Hi,
Change the protocol from tcp to udp in iptables.
~Arun
On 27 Jun 2014 20:07, Anurag Rana anuragrana31...@gmail.com wrote:
Hi All.
Someone is attacking on my SIP server.
There are lot of requests coming in and I am not able to stop it because I
am unable to detect the IP address.
Hi,
Install fail2band and change sip listen port to avoid attack
With regards
N.Prakash
--
From: Anurag Rana anuragrana31...@gmail.com
Sent: 27-06-2014 08:07 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
asterisk-users@lists.digium.com
Subject:
I added bot rules TCP as well as UDP. Still not working.
How changing SIP listen port will prevent it. Please explain.
I will try fail2band.
On Fri, Jun 27, 2014 at 8:16 PM, Prakash N prakas...@tevatel.com wrote:
Hi,
Install fail2band and change sip listen port to avoid attack
With
Both Rules* (typo in last mail)
On Fri, Jun 27, 2014 at 8:19 PM, Anurag Rana anuragrana31...@gmail.com
wrote:
I added bot rules TCP as well as UDP. Still not working.
How changing SIP listen port will prevent it. Please explain.
I will try fail2band.
On Fri, Jun 27, 2014 at 8:16 PM,
On 27 Jun 2014, at 15:37, Anurag Rana anuragrana31...@gmail.com wrote:
There are lot of requests coming in and I am not able to stop it because I am
unable to detect the IP address.
I used wireshark to capture the packets.
If you can capture the packet, surely you have the IP? If they intend
very simple,
yet effective
http://www.palner.com/blog/171/asterisk-no-matching-peer-found-block/
Am 27.06.2014 16:58, schrieb Steven Howes:
On 27 Jun 2014, at 15:37, Anurag Rana anuragrana31...@gmail.com
mailto:anuragrana31...@gmail.com wrote:
There are lot of requests coming in and I am not
, June 27, 2014 10:58 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Attack on Sip server.
On 27 Jun 2014, at 15:37, Anurag Rana
anuragrana31...@gmail.commailto:anuragrana31...@gmail.com wrote:
There are lot of requests coming in and I am not able
+1 fail2ban
Very easy and very effective.
On 27/06/2014 10:52 AM, Anurag Rana wrote:
Both Rules* (typo in last mail)
On Fri, Jun 27, 2014 at 8:19 PM, Anurag Rana
anuragrana31...@gmail.com mailto:anuragrana31...@gmail.com wrote:
I added bot rules TCP as well as UDP. Still not working.
-2014 08:19 PM
To: Prakash N prakas...@tevatel.com
Cc: Asterisk Users Mailing List - Non-Commercial Discussion
asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] Attack on Sip server.
I added bot rules TCP as well as UDP. Still not working.
How changing SIP listen port will prevent
Discussion
asterisk-users@lists.digium.com /divdivSubject: Re: [asterisk-users]
Attack on Sip server. /divdiv
/divHi,
Change the protocol from tcp to udp in iptables.
~Arun
On 27 Jun 2014 20:07, Anurag Rana anuragrana31...@gmail.com wrote:
Hi All.
Someone is attacking on my SIP server
Anurag,
Here is small script, that will check your logs and will block the IPs.
http://www.didforsale.com/blog/is-your-asterisk-system-under-heavy-attack
This is good if you dont expect any registration. If you do have some valid
registration, you might want to add some counter to see how time
I think your asterisk server is behind firewall or some sort of NAT where
the out to in packets are getting masqueraded with local or DMZ IP of your
firewall / gateway box.
Fix this first to get fail2ban detect the correct public IP.
Otherwise fail2ban will ban your local GW IP due to which you
:22 PM
To: Prakash N prakas...@tevatel.com
Cc: Asterisk Users Mailing List - Non-Commercial Discussion
asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] Attack on Sip server.
Both Rules* (typo in last mail)
On Fri, Jun 27, 2014 at 8:19 PM, Anurag Rana anuragrana31...@gmail.com
wrote
Right Mitul. System is behind some gateway.
On Fri, Jun 27, 2014 at 10:06 PM, Mitul Limbani mi...@enterux.in wrote:
I think your asterisk server is behind firewall or some sort of NAT where
the out to in packets are getting masqueraded with local or DMZ IP of your
firewall / gateway box.
Can't use anything which block IP addresses because my system is behind a
gateway and attacker gets the address of that gateway. In this way I will
end up blocking myself.
Please suggest something else.
On Fri, Jun 27, 2014 at 10:24 PM, Anurag Rana anuragrana31...@gmail.com
wrote:
Right
No way out. Fix ur gateway which is masquerading out to in traffic.
And do some research as others mentioned instead of expecting quick fix.
Mitul
On 27-Jun-2014 10:45 PM, Anurag Rana anuragrana31...@gmail.com wrote:
Can't use anything which block IP addresses because my system is behind a
Ok. Thanks. :)
On Fri, Jun 27, 2014 at 11:05 PM, Mitul Limbani mi...@enterux.in wrote:
No way out. Fix ur gateway which is masquerading out to in traffic.
And do some research as others mentioned instead of expecting quick fix.
Mitul
On 27-Jun-2014 10:45 PM, Anurag Rana
Please don't top-post.
Please trim posts to the specific post you are replying to.
On Fri, 27 Jun 2014, Anurag Rana wrote:
Can't use anything which block IP addresses because my system is behind
a gateway and attacker gets the address of that gateway. In this way I
will end up blocking
21 matches
Mail list logo