[asterisk-users] Securing Asterisk - How to avoid sending, "SIP/2.0 603 Declined"

Paul Hayes paul at provu.co.uk
Mon Jul 25 10:02:10 CDT 2011


On 23/07/11 04:48, Bruce B wrote:
>
> Quote,/"How do the users register to begin with, if their REGISTER
> requests won't be processed unless their IP is already known to be a
> registrant?  :-)"/
>
> Well, unfortunately I don't have the luxury of knowing their IP and the
> closest I know is their IP range.
>

Then I don't understand what the point would be.  You'll have to leave 
Asterisk responding to all Register requests (and to be fair all the 
attacks I've seen have been done by sending Register requests anyway).

I use OSSEC on my Asterisk systems to handle iptables rule generation on 
the fly.  You could write your own rule(s) for that to block source IP 
addresses sending you Invites when they aren't Registered.

cheers,
Paul.



More information about the asterisk-users mailing list