Re: [asterisk-users] RES: Auto ban IP addresses
On Thu, 2013-01-03 at 09:42 +0100, Leandro Dardini wrote: > I am using fail2ban on all my asterisk server, but beware, fail2ban > can be a dangerous software. The problem rely on the fact that SIP > uses UDP, so it is possible to send messages with a forged source IP > address. This way the bad guy out there can "ban" all your IP > addresses. I say "it is possible" without having investigated in deep > details what is really needed to do. > > The jail.conf in fail2ban allows for a whitelist of IPs that will never be banned -- Ishfaq Malik Department: VOIP Support Company: Packnet Limited t: +44 (0)845 004 4994 f: +44 (0)161 660 9825 e: i...@pack-net.co.uk w: http://www.pack-net.co.uk Registered Address: PACKNET LIMITED, 2A ENTERPRISE HOUSE, LLOYD STREET NORTH, MANCHESTER SCIENCE PARK, MANCHESTER, M156SE COMPANY REG NO. 04920552 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RES: Auto ban IP addresses
I am using fail2ban on all my asterisk server, but beware, fail2ban can be a dangerous software. The problem rely on the fact that SIP uses UDP, so it is possible to send messages with a forged source IP address. This way the bad guy out there can "ban" all your IP addresses. I say "it is possible" without having investigated in deep details what is really needed to do. Leandro 2013/1/3 Éder > Howto fail2ban in asterisk > > > http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk > > > > -Mensagem original- > De: asterisk-users-boun...@lists.digium.com > [mailto:asterisk-users-boun...@lists.digium.com] Em nome de Frank > Enviada em: quarta-feira, 2 de janeiro de 2013 20:50 > Para: Asterisk Users Mailing List - Non-Commercial Discussion > Assunto: [asterisk-users] Auto ban IP addresses > > Greetings all, > > I have been seeing a lot of > > [Jan 2 16:36:31] NOTICE[7519]: chan_sip.c:23149 handle_request_invite: > Sending fake auth rejection for device > 100;tag=2e921697 > > in my logs lately. Is there a way to automatically ban IP address from > attackers within asterisk ? > > > Thank you > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: >http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: >http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users