Re: [asterisk-users] Attack on Sip server.

2014-07-01 Thread Hans Witvliet
On Fri, 2014-06-27 at 22:24 +0530, Anurag Rana wrote: iptables -I INPUT 1 -p tcp --dport 5060 -m string --string VaxSIPUserAgent --algo bm -j DROP You make a fundamental mistake here.

Re: [asterisk-users] Attack on Sip server.

2014-06-29 Thread Michelle Dupuis
anuragrana31...@gmail.com Sent: Friday, June 27, 2014 10:49 AM To: Prakash N Cc: Asterisk Users List Subject: Re: [asterisk-users] Attack on Sip server. I added bot rules TCP as well as UDP. Still not working. How changing SIP listen port will prevent it. Please explain. I will try fail2ban. On Fri

Re: [asterisk-users] Attack on Sip server.

2014-06-29 Thread Andres
iptables -I INPUT 1 -p tcp --dport 5060 -m string --string VaxSIPUserAgent --algo bm -j DROP It's something like this Registration from '30 sp:30@my_public_ip:5060 failed for '192.168.xxx.xxx:6373' - Wrong Password and there are approx 10 request per minute of this type. Please suggest

[asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
Hi All. Someone is attacking on my SIP server. There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP address. I used wireshark to capture the packets. Although I am using very strong password for my SIP users but still is there any way to drop

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread arun kumar
Hi, Change the protocol from tcp to udp in iptables. ~Arun On 27 Jun 2014 20:07, Anurag Rana anuragrana31...@gmail.com wrote: Hi All. Someone is attacking on my SIP server. There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP address.

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Prakash N
: [asterisk-users] Attack on Sip server. Hi All. Someone is attacking on my SIP server. There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP address. I used wireshark to capture the packets. Although I am using very strong password for my SIP users

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
With regards N.Prakash -- From: Anurag Rana anuragrana31...@gmail.com Sent: 27-06-2014 08:07 PM To: Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com Subject: [asterisk-users] Attack on Sip server. Hi All. Someone

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
Discussion asterisk-users@lists.digium.com Subject: [asterisk-users] Attack on Sip server. Hi All. Someone is attacking on my SIP server. There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP address. I used wireshark to capture the packets

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Steven Howes
On 27 Jun 2014, at 15:37, Anurag Rana anuragrana31...@gmail.com wrote: There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP address. I used wireshark to capture the packets. If you can capture the packet, surely you have the IP? If they intend

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Markus Weiler
very simple, yet effective http://www.palner.com/blog/171/asterisk-no-matching-peer-found-block/ On 27.06.2014 16:58, Steven Howes wrote: On 27 Jun 2014, at 15:37, Anurag Rana anuragrana31...@gmail.com wrote: There are lot of requests coming in and I am not

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Eric Wieling
, June 27, 2014 10:58 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Attack on Sip server. On 27 Jun 2014, at 15:37, Anurag Rana anuragrana31...@gmail.com wrote: There are lot of requests coming in and I am not able

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Ron Wheeler
-users@lists.digium.com Subject: [asterisk-users] Attack on Sip server. Hi All. Someone is attacking on my SIP server. There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP address. I used wireshark

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Prakash N
-2014 08:19 PM To: Prakash N prakas...@tevatel.com Cc: Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com Subject: Re: [asterisk-users] Attack on Sip server. I added bot rules TCP as well as UDP. Still not working. How changing SIP listen port will prevent

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread andrew Colin
Discussion asterisk-users@lists.digium.com Subject: Re: [asterisk-users] Attack on Sip server. Hi, Change the protocol from tcp to udp in iptables. ~Arun On 27 Jun 2014 20:07, Anurag Rana anuragrana31...@gmail.com wrote: Hi All. Someone is attacking on my SIP server

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Jai Rangi
Anurag, Here is a small script that will check your logs and will block the IPs. http://www.didforsale.com/blog/is-your-asterisk-system-under-heavy-attack This is good if you don't expect any registration. If you do have some valid registration, you might want to add some counter to see how time

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Mitul Limbani
I think your asterisk server is behind firewall or some sort of NAT where the out to in packets are getting masqueraded with local or DMZ IP of your firewall / gateway box. Fix this first to get fail2ban detect the correct public IP. Otherwise fail2ban will ban your local GW IP due to which you

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Prakash N
:22 PM To: Prakash N prakas...@tevatel.com Cc: Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com Subject: Re: [asterisk-users] Attack on Sip server. Both Rules* (typo in last mail) On Fri, Jun 27, 2014 at 8:19 PM, Anurag Rana anuragrana31...@gmail.com wrote

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
Right Mitul. System is behind some gateway. On Fri, Jun 27, 2014 at 10:06 PM, Mitul Limbani mi...@enterux.in wrote: I think your asterisk server is behind firewall or some sort of NAT where the out to in packets are getting masqueraded with local or DMZ IP of your firewall / gateway box.

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
Can't use anything which block IP addresses because my system is behind a gateway and attacker gets the address of that gateway. In this way I will end up blocking myself. Please suggest something else. On Fri, Jun 27, 2014 at 10:24 PM, Anurag Rana anuragrana31...@gmail.com wrote: Right

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Mitul Limbani
No way out. Fix ur gateway which is masquerading out to in traffic. And do some research as others mentioned instead of expecting quick fix. Mitul On 27-Jun-2014 10:45 PM, Anurag Rana anuragrana31...@gmail.com wrote: Can't use anything which block IP addresses because my system is behind a

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
Ok. Thanks. :) On Fri, Jun 27, 2014 at 11:05 PM, Mitul Limbani mi...@enterux.in wrote: No way out. Fix ur gateway which is masquerading out to in traffic. And do some research as others mentioned instead of expecting quick fix. Mitul On 27-Jun-2014 10:45 PM, Anurag Rana

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Steve Edwards
Please don't top-post. Please trim posts to the specific post you are replying to. On Fri, 27 Jun 2014, Anurag Rana wrote: Can't use anything which block IP addresses because my system is behind a gateway and attacker gets the address of that gateway. In this way I will end up blocking