If you have a small Asterisk installation install the free version of SecAst:
http://www.voip-info.org/wiki/view/SecAst+(Asterisk+Intrusion+Detection+and+Prevention)
For general Asterisk security info check this out:
http://www.voip-info.org/wiki/view/Asterisk+security
-=Michelle=-
All opinions posted are my own, and do not necessarily reflect those of my
employer. As an employee of GenerationD my opions are serious biased :)
From: asterisk-users-boun...@lists.digium.com
asterisk-users-boun...@lists.digium.com on behalf of Anurag Rana
anuragrana31...@gmail.com
Sent: Friday, June 27, 2014 10:49 AM
To: Prakash N
Cc: Asterisk Users List
Subject: Re: [asterisk-users] Attack on Sip server.
I added bot rules TCP as well as UDP. Still not working.
How changing SIP listen port will prevent it. Please explain.
I will try fail2band.
On Fri, Jun 27, 2014 at 8:16 PM, Prakash N
prakas...@tevatel.commailto:prakas...@tevatel.com wrote:
Hi,
Install fail2band and change sip listen port to avoid attack
With regards
N.Prakash
From: Anurag Ranamailto:anuragrana31...@gmail.com
Sent: ?27-?06-?2014 08:07 PM
To: Asterisk Users Mailing List - Non-Commercial
Discussionmailto:asterisk-users@lists.digium.com
Subject: [asterisk-users] Attack on Sip server.
Hi All.
Someone is attacking on my SIP server.
There are lot of requests coming in and I am not able to stop it because I am
unable to detect the IP address.
I used wireshark to capture the packets.
Although I am using very strong password for my SIP users but still is there
any way to drop these packets and stop this attack.
I tried dropping packet after matching some string (most of the packets from
attacker contains string 'VaxSIPUserAgent/3.1' ) but it failed. Packets are
still flowing in.
iptables -I INPUT 1 -p tcp --dport 5060 -m string --string VaxSIPUserAgent
--algo bm -j DROP
?Its something like this
Registration from '30 sp:30@my_public_ip:5060 failed for
'192.168.xxx.xxx:6373' - Wrong Password?
?and there are approx 10 request per minute of this type.
Please suggest some way to stop this.?
--
Anurag Rana
http://newbie42.blogspot.in/
On the trampoline of life's experiences, Striving towards a saintly life in the
midst of these materialistic turbulences.
--
Anurag Rana
http://newbie42.blogspot.in/
On the trampoline of life's experiences, Striving towards a saintly life in the
midst of these materialistic turbulences.
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users