[asterisk-users] "Register Attacks" End of ENUM ?

Motiejus Jakštys desired.mta at gmail.com
Tue Jul 27 06:07:35 CDT 2010


> Hello Motiejus, Hello Nick!
>
> thanks for your answers. My OP was definitely not meant as a request for
> help. I just wanted to start some small discussion.
> The point is that
> a) I don't know fail2ban, and
It's really easy. I just installed it on my company Asterisk box - it
took ~5 minutes to install and configure. Thanks all.
Moreover, it's scanning for sshd brute-force attacks out of the box.

> b) I think that small box which runs my asterisk wouldn't take another
> additional application (like fail2ban)
It has a _very_ small footprint :-) I observe 0% CPU (in top) and 2MB
system RAM usage.
>
> @Motiejus:
>
> Thanks for your rules! Since it seems that you are an iptables expert,
:-)
> may I ask you:
>
> I want to restrict SIP traffic to my internal network AND to a special
> address-range (addresses of my voip provider) from external network.
>
> iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 5060 -j ACCEPT
> iptables -A INPUT -m iprange --src-range [FROM_IP]-[TO_IP] -j ACCEPT
> iptables -A INPUT -p udp --dport 5060 -j DROP
>
> Would that do the trick ?
Yes, syntax looks correct, it should. Try :-)
>
> But that would keep out any calls via ENUM mechanism too. Am I right?

The above rule will block all UDP port 5060 (SIP) traffic from
external IPs to your Asterisk machine.
I do not know how ENUM works, so I cannot answer, but probably Nick is
right. If your Asterisk is an ENUM server listening on UDP 5060 and
remote hosts query your machine with ENUM - then yes, it will not
work. Any other configuration - it will.

Regards
Motiejus Jakštys
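
Added example, not part of the original thread: a small Python model of iptables first-match evaluation for the three rules quoted above, showing which packets they accept or drop. The provider range 203.0.113.10-203.0.113.20, the sample source addresses, the rule names and the ACCEPT chain policy are assumptions; the thread leaves [FROM_IP]-[TO_IP] and the policy unspecified.

```python
import ipaddress

# Constructed stand-ins: the thread leaves [FROM_IP]-[TO_IP] unspecified.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges (RFC 5737).
LAN = ipaddress.ip_network("192.168.1.0/24")
PROVIDER_FROM = ipaddress.ip_address("203.0.113.10")
PROVIDER_TO = ipaddress.ip_address("203.0.113.20")


def is_sip(p):
    """True for traffic to UDP port 5060, the match used by rules 1 and 3."""
    return p["proto"] == "udp" and p["dport"] == 5060


# The three rules in the order they were appended with -A (names are hypothetical).
RULES = [
    ("lan-sip", lambda p: p["src"] in LAN and is_sip(p), "ACCEPT"),
    # As written, the iprange rule has no -p/--dport, so it matches any port.
    ("provider-range", lambda p: PROVIDER_FROM <= p["src"] <= PROVIDER_TO, "ACCEPT"),
    ("sip-drop", is_sip, "DROP"),
]


def verdict(src, proto, dport, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy (assumed ACCEPT) applies."""
    pkt = {"src": ipaddress.ip_address(src), "proto": proto, "dport": dport}
    for name, match, target in RULES:
        if match(pkt):
            return target, name
    return policy, "policy"


if __name__ == "__main__":
    samples = [
        ("192.168.1.50", "udp", 5060),   # internal phone
        ("203.0.113.15", "udp", 5060),   # VoIP provider, SIP
        ("203.0.113.15", "tcp", 22),     # VoIP provider, non-SIP port
        ("198.51.100.7", "udp", 5060),   # any other external host, SIP
        ("198.51.100.7", "tcp", 22),     # any other external host, non-SIP
    ]
    for s in samples:
        print(s, "->", verdict(*s))
```

The third sample shows that the range rule accepts every port from the provider addresses; adding `-p udp --dport 5060` to it would limit the exception to SIP.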


