[asterisk-users] Securing Asterisk - How to avoid sending, "SIP/2.0 603 Declined"
Robert Huddleston
rhuddleston at gmail.com
Mon Jul 25 14:06:31 CDT 2011
/unsubscribe
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Bruce B
Sent: Monday, July 25, 2011 2:45 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Securing Asterisk - How to avoid sending,
"SIP/2.0 603 Declined"
My main point was to block SIP Anonymous calls and not give the impression
that there is a SIP server. As for as REGISTER goes, I am not sure how it's
dealt in Asterisk and probably some work around can be found using IPTABLES
again to not respond to REGISTER requests as well if they are not
authenticated.
Thanks for bringing OSSEC up, I will explore it.
- Bruce
On Mon, Jul 25, 2011 at 11:02 AM, Paul Hayes <paul at provu.co.uk> wrote:
On 23/07/11 04:48, Bruce B wrote:
Quote,/"How do the users register to begin with, if their REGISTER
requests won't be processed unless their IP is already known to be a
registrant? :-)"/
Well, unfortunately I don't have the luxury of knowing their IP and the
closest I know is their IP range.
Then I don't understand what the point would be. You'll have to leave
Asterisk responding to all Register requests (and to be fair all the attacks
I've seen have been done by sending Register requests anyway).
I use OSSEC on my Asterisk systems to handle iptables rule generation on the
fly. You could write your own rule(s) for that to block source IP addresses
sending you Invites when they aren't Registered.
cheers,
Paul.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110725/bfbf81cc/attachment.htm>
More information about the asterisk-users
mailing list