Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-22 Thread Tim S
Exactly. If one's external access control is set correctly, you should basically never see any outside attack traffic at your Asterisk box (you'd see it in the firewall logs instead). Following the concept of "least privileges" is where you should start if you have Asterisk attached to a SIP

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Victor Villarreal
Hi David, Tim, Try to use Fail2Ban as a last resort. Fail2Ban is a reactive approach that permits the traffic AND ONLY BLOCKS it after a certain level is triggered. Use iptables to block the unused services facing public networks like the Internet. And configure these services properly, so they listen o

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Tim S
Is that IP in your network or outside (I can ping it so I'm guessing it's outside your network)? Do you have a firewall between your asterisk box and the internet? Is there a WHITELIST of IP addresses that only allow your provider's limited IP pool to connect to your asterisk box from outside? I

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Victor Villarreal
Hi, Jerry, I don't know what OS you have on the server, but you can check the man page (https://linux.die.net/man/8/in.tftpd) for tftpd and use the --address option, so you can tell tftp on what interface/port this service listens for requests. From the IP in your logs (69.64.57.18) the request c

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Dovid Bender
This is old news. They use Shodan and then try to connect. Set up Fail2Ban so that after, say, 10 404s it bans the IP.

On Fri, Apr 21, 2017 at 12:27 PM, Jerry Geis wrote:
> I "just" happened to look at /var/log/messages...
>
> I saw:
> Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename

Re: [asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Derek Bolichowski
From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jerry Geis
Sent: Friday, April 21, 2017 12:28 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] Hack attempt sequential config file read looking

[asterisk-users] Hack attempt sequential config file read looking for valid files.

2017-04-21 Thread Jerry Geis
I "just" happened to look at /var/log/messages...

I saw:
Apr 21 12:18:40 in.tftpd[22719]: RRQ from 69.64.57.18 filename 0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22719]: Client 69.64.57.18 File not found 0004f2034f6b.cfg
Apr 21 12:18:40 in.tftpd[22720]: RRQ from 69.64.57.18 filename 0004f2034f6c