[asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread motty cruz
Hi All, I see this kind of attack on our Asterisk Server, do you know how to block that IP? [Sep 4 07:41:06] NOTICE[7375]: chan_sip.c:23375 handle_request_invite: Call from '' (213.136.81.166:9306) to extension '34422' rejected because extension not found in context 'default'. Thanks in advance,

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread Patrick Laimbock
On 04-09-14 16:44, motty cruz wrote: Hi All, I see this kind of attack on our Asterisk Server, do you know how to block that IP? [Sep 4 07:41:06] NOTICE[7375]: chan_sip.c:23375 handle_request_invite: Call from '' (213.136.81.166:9306 ) to extension '34422' rejected b

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread Thorsten Göllner
Am 04.09.2014 16:44, schrieb motty cruz: Hi All, I see this kind of attack on our Asterisk Server, do you know how to block that IP? [Sep 4 07:41:06] NOTICE[7375]: chan_sip.c:23375 handle_request_invite: Call from '' (213.136.81.166:9306 ) to extension '34422' r

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread motty cruz
Thanks, looks like fail2ban is the way to go, I would prefer a different alternatives if there is one. I tried deny=IP/netmask but did not work for me, in sip.conf. seems like fail2ban is what you all are using, so I will give it a try. Thanks, On Thu, Sep 4, 2014 at 7:58 AM, Thorsten Göllner w

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread A J Stiles
On Thursday 04 Sep 2014, motty cruz wrote: > Hi All, > I see this kind of attack on our Asterisk Server, do you know how to block > that IP? Instead of blocking unwanted IPs, you should be permitting only wanted IPs. -- AJS Note: Originating address only accepts e-mail from list! If replying

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread motty cruz
Hi A J, believe me, I wish i do as you suggested, however I have a few extensions outside the office with dynamic IPs, so that is not a possibility. Thanks for your suggestions, I will try fail2ban. I don't know how complicated is to implement that on production server. Thanks, -Motty On Thu, Se

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread Hashmat Khan
m To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] Asterisk secure fine tune - stop attack Hi A J, believe me, I wish i do as you suggested, however I have a few extensions outside the office with dynamic IPs, so that is not a possibility. Thanks for your suggestions, I will try fail2b

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread Eric Wieling
Thu, 4 Sep 2014 08:42:11 -0700 From: motty.c...@gmail.com<mailto:motty.c...@gmail.com> To: asterisk-users@lists.digium.com<mailto:asterisk-users@lists.digium.com> Subject: Re: [asterisk-users] Asterisk secure fine tune - stop attack Hi A J, believe me, I wish i do as you suggested, ho

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread Michelle Dupuis
an bet that I have a serious bias :) From: asterisk-users-boun...@lists.digium.com on behalf of Eric Wieling Sent: Thursday, September 4, 2014 11:58 AM To: Asterisk Users List Subject: Re: [asterisk-users] Asterisk secure fine tune - stop attack If we don&#x

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread Steve Edwards
Please don't top post. On Thu, 4 Sep 2014, motty cruz wrote: Hi A J, believe me, I wish i do as you suggested, however I have a few extensions outside the office with dynamic IPs, so that is not a possibility. Do your few extensions travel to China, Russia, Iran, Iraq, North Korea, etc? (So

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread A J Stiles
On Thursday 04 Sep 2014, motty cruz wrote: > Hi A J, > believe me, I wish i do as you suggested, however I have a few extensions > outside the office with dynamic IPs, so that is not a possibility. If you know what ISPs they are using, then you can allow just those ISPs' address ranges. That wil

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread Chris Bagnall
On 4/9/14 4:58 pm, Eric Wieling wrote: If we don't need to allow access from outside the USA we block access from all non-ARIN IP addresses by using iptables. This takes care of at least 80% of attacks. Likewise here (though RIPE rather than ARIN, since we're the other side of the pond).

Re: [asterisk-users] Asterisk secure fine tune - stop attack

2014-09-04 Thread motty cruz
Thank you all for your support, your suggestions are welcome. Thanks, On Thu, Sep 4, 2014 at 9:26 AM, Chris Bagnall wrote: > On 4/9/14 4:58 pm, Eric Wieling wrote: > >> If we don't need to allow access from outside the USA we block access >> from all non-ARIN IP addresses by using iptables. T