Have a look at fail2ban mosbah abdelkader wrote: > An attacker is scanning my Asterisk Switch to gain illegitimate access > to VoIP call functionality. > > > Using a sip scanning tool, *it* sends REGISTERs with random identities. > And when it discovers one identity subscribed in my switch, it tries to > authenticate with random passwords using this user name. > > > For the moment, I have replaced this account. And also blocked the IP it > has used but each time it tries to use another IP to scan again. > > > Following is a sample REGISTER request sent by it to my switch (I have > hidden some info). > > > REGISTER sip:xx.xx.xx.xx SIP/2.0 > *Via: SIP/2.0/UDP 127.0.1.1:5061;branch=xxxxxxxxx**-xxxxxxxxx**;rport* > Content-Length: 0 > From: "xxxxxxxxx" <sip:xxxxxx...@xx.xx.xx.xx> > Accept: application/sdp > *User-Agent: friendly-scanner* > To: "xxxxxxxxx" <sip:xxxxxx...@xx.xx.xx.xx> > *Contact: sip:1...@1.1.1.1 <mailto:sip%3a...@1.1.1.1>* > CSeq: 1 REGISTER > Call-ID: 4244603463 > Max-Forwards: 70 > > > > > Please help me resolve this problem. >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
