It shouldn't be too hard to take the ssh-brute-force-protection.plugin 
from Arno and tweak it to do the same thing for UDP and port 5060 (or 
better, a range of ports).  Maybe 30 minutes of work and testing...

Maybe Lonnie will get bored.  :-)

-Philip



Michael Keuter wrote:
> Hi list,
>
> I have a customer with Astlinux 0.6.4 on a net5501, who was (not 
> successfully) tested by a SIP-hacker:
> ----------------------------
> Apr 12 14:49:40 asterisk local0.notice asterisk[1832]: NOTICE[1832]: 
> chan_sip.c:15839 in handle_request_register: Registration from 
> '"1345"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No 
> matching peer found
> Apr 12 14:49:40 asterisk local0.notice asterisk[1832]: NOTICE[1832]: 
> chan_sip.c:15839 in handle_request_register: Registration from 
> '"1346"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No 
> matching peer found
> Apr 12 14:49:40 asterisk local0.notice asterisk[1832]: NOTICE[1832]: 
> chan_sip.c:15839 in handle_request_register: Registration from 
> '"1347"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No 
> matching peer found
> Apr 12 14:49:40 asterisk local0.notice asterisk[1832]: NOTICE[1832]: 
> chan_sip.c:15839 in handle_request_register: Registration from 
> '"1348"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No 
> matching peer found
> Apr 12 14:49:41 asterisk local0.notice asterisk[1832]: NOTICE[1832]: 
> chan_sip.c:15839 in handle_request_register: Registration from 
> '"1349"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No 
> matching peer found
> Apr 12 14:49:41 asterisk local0.notice asterisk[1832]: NOTICE[1832]: 
> chan_sip.c:15839 in handle_request_register: Registration from 
> '"1350"<sip:1...@xxx.xxx.xxx.xxx>' failed for '92.243.9.47' - No 
> matching peer found
> ----------------------------
> And so on. There are about 65 SIP-checks per second (nice script).
>
> Is there anything one could do against this, except secure passwords 
> and the blocked-hosts file in Astlinux?
> I know there is a brute-force firewall-plugin for SSH in the 0.6 
> branch, but I found nothing for SIP.
> I saw a ids-protection plugin in trunk.
>
> Michael
>   
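
The log lines quoted above are enough to drive a simple detector. The following is an added example, not code from either poster, AstLinux, or Arno's firewall plugins: it reports source addresses whose failed REGISTER attempts reach a threshold within any one minute. The function names, the threshold and the sample lines (documentation-range addresses) are all constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sources of SIP registration floods from Asterisk syslog.
# Assumes the chan_sip line layout shown in the quoted message, one event per
# line (the mail client wrapped the lines above).

# Usage: sip_reg_offenders THRESHOLD < logfile
# Prints "ip peak" for each source with >= THRESHOLD failures in one minute.
sip_reg_offenders() {
    awk -v threshold="$1" -v q="'" '
    /handle_request_register: Registration from/ &&
    match($0, "failed for " q "[0-9.]+") {
        # Skip the 12 characters of the prefix; stopping at the first
        # non-address character also tolerates a trailing :port.
        ip = substr($0, RSTART + 12, RLENGTH - 12)
        # Bucket by source and by minute: month, day, HH:MM.
        n = ++hits[ip SUBSEP $1 " " $2 " " substr($3, 1, 5)]
        if (n > peak[ip]) peak[ip] = n
    }
    END {
        for (ip in peak)
            if (peak[ip] >= threshold) print ip, peak[ip]
    }' | sort
}

# Constructed sample: 30 failures in one second from one source (a scan like
# the one quoted), plus a phone with a bad password retrying across minutes.
sample_log() {
    pre="asterisk local0.notice asterisk[1832]: NOTICE[1832]: chan_sip.c:15839 in handle_request_register: Registration from"
    i=0
    while [ "$i" -lt 30 ]; do
        ext=$((1345 + i))
        printf '%s\n' "Apr 12 14:49:40 $pre '\"$ext\"<sip:$ext@192.0.2.10>' failed for '203.0.113.7' - No matching peer found"
        i=$((i + 1))
    done
    for t in 14:50:05 14:51:05 14:52:05; do
        printf '%s\n' "Apr 12 $t $pre '\"200\"<sip:200@192.0.2.10>' failed for '198.51.100.20' - Wrong password"
    done
}

# Stand-alone run: show offenders at a threshold of 20 failures per minute.
sample_log | sip_reg_offenders 20
```

Bucketing per minute keeps a misconfigured phone that retries slowly below the threshold while a scripted scan is reported at once; the output can be reviewed before any address goes into a block list.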


_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
