[asterisk-users] Force ip disconnect after register?

Kevin P. Fleming kpfleming at digium.com
Mon Sep 13 16:24:59 CDT 2010


On 09/13/2010 10:22 AM, Bryant Zimmerman wrote:
> Is there a way to drop an IP connection to Asterisk after a number of
> register attempts?
> 
> I have been having issues with hackers doing registration scanning
> against our server. We block their address at the firewall but since
> Asterisk does not force a drop of the connection after so many bad reg
> attempts I can't enforce the block until they drop and try again. This
> allows them to run the box with reg attempts as long as they maintain
> their initial connection or I reset the state tables on the firewall.
> This is very bad. Is there a way to force the connection to drop and
> reconnect after let's say 50 attempts?

Reconfigure your firewall to inspect every packet against the rules,
instead of shortcutting 'open connections'; this takes more CPU on your
firewall, but allows you to change the rules and drop existing connections.

Alternatively, depending on how you've built your firewall, you can
insert the 'drop all packets from X.X.X.X' *before* any rules that allow
packets from existing connections.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kfleming at digium.com
Check us out at www.digium.com & www.asterisk.org
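
The rule-ordering point in the reply above, as an added example that is not
part of the original thread. It assumes a Linux firewall managed with iptables
(INPUT chain) and conntrack-tools, which the post does not name; the function
names and the sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes a Linux firewall
# managed with iptables (INPUT chain) and conntrack-tools; the post itself
# names no firewall product.

# Succeed if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Print (do not run) the commands that block a source that still has state.
block_source_cmds() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    # Position 1 places the DROP ahead of any ESTABLISHED,RELATED accept.
    echo "iptables -I INPUT 1 -s $1 -j DROP"
    # Delete only this source's tracked flows, not the whole state table.
    echo "conntrack -D -s $1"
}

# Read `iptables -S INPUT` output on stdin. Succeed only if a DROP for $1
# comes before the first rule that accepts ESTABLISHED traffic.
drop_precedes_established() {
    while IFS= read -r rule; do
        case $rule in
            -A*ESTABLISHED*"-j ACCEPT"*) return 1 ;;
            -A*" -s $1/32 "*"-j DROP"*) return 0 ;;
        esac
    done
    return 1
}

# Constructed rule listings (203.0.113.45 is a documentation address).
APPENDED='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.45/32 -j DROP
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT'
INSERTED='-P INPUT DROP
-A INPUT -s 203.0.113.45/32 -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT'
```

On a live system, feed `iptables -S INPUT` to drop_precedes_established to
confirm a block will reach flows that are already in the state table.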


