I shall recommend fail2ban. We have been using fail2ban successfully for our Asterisk servers (Debian).
Help on using fail2ban with Asterisk server:
https://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk

On Thu, Aug 17, 2017 at 10:10 AM, Kseniya Blashchuk <ksybl...@gmail.com> wrote:
> Well, correct me if I'm wrong, but I would say this conversation you have
> posted is a bit outdated, now fail2ban can be used with asterisk security
> log
> https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Event+Logger.
>
> On Thu, Aug 17, 2017, 4:53 AM Telium Technical Support <supp...@telium.ca>
> wrote:
>>
>> Keep in mind that the attacks you are seeing in the log are ONLY the ones
>> that Asterisk is detecting and rejecting. All other attacks aren't even
>> showing up!
>>
>> There's a good discussion of how to secure your PBX here:
>> https://www.voip-info.org/wiki/view/asterisk+security
>>
>> In general, don't let the malevolent traffic get as far as the PBX (block
>> at the firewall). Also, Digium regularly warns users that fail2ban is NOT a
>> security system: http://forums.asterisk.org/viewtopic.php?p=159984
>>
>> -----Original Message-----
>> From: asterisk-users-boun...@lists.digium.com
>> [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of mdiehl
>> Sent: Tuesday, August 15, 2017 3:38 PM
>> To: asterisk-users@lists.digium.com
>> Subject: [asterisk-users] Detecting DoS attacks via SIP
>>
>> Hi all,
>>
>> Lately, I've seen an increase in the number of attacks against my system
>> from the so-called "Friendly Scanner." When one of these script kiddies
>> targets my server, all I see for symptoms is a few of my trunks become
>> lagged due to server load and a stream of messages on the console that
>> resemble this:
>>
>> [Aug 2 20:27:50] == Using SIP VIDEO CoS mark 6
>> [Aug 2 20:27:50] == Using SIP RTP TOS bits 24
>> [Aug 2 20:27:50] == Using SIP RTP CoS mark 5
>> [Aug 2 20:32:47] == Using SIP VIDEO TOS bits 24
>> [Aug 2 20:32:47] == Using SIP VIDEO CoS mark 6
>> [Aug 2 20:32:47] == Using SIP RTP TOS bits 24
>> [Aug 2 20:32:47] == Using SIP RTP CoS mark 5
>> [Aug 2 20:34:26] == Using SIP VIDEO TOS bits 24
>> [Aug 2 20:34:26] == Using SIP VIDEO CoS mark 6
>>
>> I have to turn on sip debugging to find out who's hitting me. However, I
>> can't just leave it on because it would kill my logging system.
>>
>> So, how are other people handling this? Is there an AMI event I want to
>> watch for? I watch for PeerStatus, but since there's no actual peer in the
>> attack, I don't seem to get an event from AMI.
>>
>> Any ideas?
>>
>> Mike Diehl.
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> Check out the new Asterisk community forum at:
>> https://community.asterisk.org/
>>
>> New to Asterisk? Start here:
>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users

--
Regards,
Tirveni Yadav
www.bael.io

What is this Universe? From what it arises? Into what does it go?
In freedom it arises, In freedom it rests and into freedom it melts away.
Upanishads.
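
The approach discussed in this thread (reading the Asterisk security event log rather than SIP debug output, which is what fail2ban's Asterisk filter does), as an added example that is not part of any poster's message. It assumes the security log channel is enabled with `dateformat=%F %T` in logger.conf; the log lines are constructed and abridged, and the `max_retry` and `find_time` parameters are illustrative names modelled on fail2ban's `maxretry` and `findtime`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Added example. Assumes logger.conf sets dateformat=%F %T for the security log.
FAIL_EVENTS = {"InvalidAccountID", "ChallengeResponseFailed", "InvalidPassword", "FailedACL"}
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+SECURITY\[\d+\]\s+\S+:\s+(?P<body>.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return (timestamp, remote_ip) for a rejected-request event, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a SECURITY line (e.g. VERBOSE console noise)
    fields = dict(FIELD_RE.findall(m.group("body")))
    remote = fields.get("RemoteAddress", "").split("/")  # IPV4/UDP/203.0.113.7/5060
    if fields.get("SecurityEvent") not in FAIL_EVENTS or len(remote) != 4:
        return None
    return datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), remote[2]

def offenders(lines, max_retry=3, find_time=60):
    """Map source IP -> peak failures seen inside a find_time-second sliding window."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip = rec
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()  # drop failures older than the window
        if len(window) >= max_retry:
            flagged[ip] = max(flagged.get(ip, 0), len(window))
    return flagged

def _sec(ts, event, ip):
    # Builds one constructed, abridged security-log line (not captured from a real system).
    return (f'[{ts}] SECURITY[2411] res_security_log.c: SecurityEvent="{event}",Service="SIP",'
            f'AccountID="100",RemoteAddress="IPV4/UDP/{ip}/5071"')

SAMPLE = [  # constructed input using documentation address ranges
    "[2017-08-02 20:27:50] VERBOSE[2411] chan_sip.c: == Using SIP RTP CoS mark 5",
    *[_sec(f"2017-08-02 20:27:5{s}", "InvalidAccountID", "203.0.113.7") for s in (0, 1, 2, 5)],
    _sec("2017-08-02 20:28:00", "InvalidPassword", "198.51.100.20"),
    _sec("2017-08-02 20:33:00", "InvalidPassword", "198.51.100.20"),
    _sec("2017-08-02 20:33:05", "SuccessfulAuth", "198.51.100.20"),
]
if __name__ == "__main__":
    print(offenders(SAMPLE))
```

The burst from 203.0.113.7 is flagged, while the two mistyped passwords five minutes apart from 198.51.100.20 are not.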