Hello Michael,
I hope the following link will be useful for you:
http://blog.krisk.org/2008/07/sip-dosddos-mitigation.html
Also I read somewhere about keeping a "tail" on the asterisk log and using
iptables rules to block specific IPs.
Never used on our Asterisk boxes - but maybe it will help you.
Best regards,
Ioan
On 16-Apr-09 1:45 PM, Michael Keuter wrote:
Hi list,
I have a customer with Astlinux 0.6.4 on a net5501, who was (not
successfully) tested by a SIP-hacker:
----------------------------
Apr 12 14:49:40 asterisk local0.notice asterisk[1832]: NOTICE[1832]:
chan_sip.c:15839 in handle_request_register: Registration from
'"1345"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No
matching peer found
Apr 12 14:49:40 asterisk local0.notice asterisk[1832]: NOTICE[1832]:
chan_sip.c:15839 in handle_request_register: Registration from
'"1346"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No
matching peer found
Apr 12 14:49:40 asterisk local0.notice asterisk[1832]: NOTICE[1832]:
chan_sip.c:15839 in handle_request_register: Registration from
'"1347"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No
matching peer found
Apr 12 14:49:40 asterisk local0.notice asterisk[1832]: NOTICE[1832]:
chan_sip.c:15839 in handle_request_register: Registration from
'"1348"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No
matching peer found
Apr 12 14:49:41 asterisk local0.notice asterisk[1832]: NOTICE[1832]:
chan_sip.c:15839 in handle_request_register: Registration from
'"1349"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No
matching peer found
Apr 12 14:49:41 asterisk local0.notice asterisk[1832]: NOTICE[1832]:
chan_sip.c:15839 in handle_request_register: Registration from
'"1350"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No
matching peer found
----------------------------
And so on. There are about 65 SIP-checks per second (nice script).
Is there anything one could do against this, except secure passwords
and the blocked-hosts file in Astlinux?
I know there is a brute-force firewall-plugin for SSH in the 0.6
branch, but I found nothing for SIP.
I saw a ids-protection plugin in trunk.
Michael
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
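The log-tailing idea mentioned in the reply above, as an added example that is not part of the original thread or of AstLinux: it counts failed REGISTER notices per source IP in a sliding window and renders (but does not run) iptables DROP rules. The threshold, window, year, allow list, function names and sample lines are assumptions; the sample lines are constructed in the format of the log excerpt above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# chan_sip failed-REGISTER notice, in the format of the log excerpt above.
# The ip group accepts only digits and dots, so it is safe to place in a rule.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*"
    r"Registration from '[^']*' failed for '(?P<ip>[\d.]+)(?::\d+)?'"
)
THRESHOLD = 5        # assumed: failures tolerated per source ...
WINDOW = 10          # ... within this many seconds
ASSUMED_YEAR = 2009  # syslog timestamps carry no year


def find_offenders(lines, threshold=THRESHOLD, window=WINDOW, allow=()):
    """Return source IPs with more than `threshold` failures inside `window` s."""
    recent = defaultdict(deque)
    offenders = []
    for line in lines:
        m = FAILED.search(line)
        # SIP over UDP can carry a spoofed source: never block allow-listed peers.
        if not m or m["ip"] in allow:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()  # forget failures that fell out of the window
        if len(q) > threshold and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders


def iptables_rules(ips):
    """Render one DROP rule per offender for SIP over UDP (port 5060)."""
    return [f"iptables -I INPUT -s {ip} -p udp --dport 5060 -j DROP" for ip in ips]


def _line(ts, ext, ip):  # builds one constructed sample log line
    return (f"Apr 12 {ts} asterisk local0.notice asterisk[1832]: NOTICE[1832]: "
            f"chan_sip.c:15839 in handle_request_register: Registration from "
            f"'\"{ext}\"<sip:{ext}@192.0.2.1>' failed for '{ip}' - No matching peer found")

# Constructed input: a fast extension scan and a phone with a mistyped account.
SAMPLE = [_line(f"14:49:4{i // 4}", 1345 + i, "203.0.113.7") for i in range(8)]
SAMPLE += [_line("14:50:05", 201, "198.51.100.20"), _line("14:50:40", 201, "198.51.100.20")]

if __name__ == "__main__":
    print("\n".join(iptables_rules(find_offenders(SAMPLE))))
```

To use it live, feed it lines from a follow of the Asterisk log instead of `SAMPLE`, and review the rendered rules before applying them.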