[asterisk-users] asterisk and fail2ban

Andrew Latham lathama at gmail.com
Tue Mar 29 12:44:07 CDT 2011


On Tue, Mar 29, 2011 at 2:34 PM, Sherwood McGowan
<sherwood.mcgowan at gmail.com> wrote:
> On 3/29/2011 12:25 PM, Steve Edwards wrote:
>>> On Tue, 29 Mar 2011 12:10:59 -0500, Sherwood McGowan
>>
>>>> First thing I'd do is restrict the ip blocks your sip endpoints can
>>>> register/call from in sip.conf (or your database's table for sip
>>>> endpoints)
>>
>> On Tue, 29 Mar 2011, Gilles wrote:
>>
>>> Thanks for the idea, but it's not possible, as the Asterisk must be
>>> accessible for road warriors and receive SIP calls from anyone.
>>
>> Really? How many callers are you expecting from North Korea, Libya,
>> China, Iran, etc?
>>
>
> Thanks Steve, you just emailed exactly what I was going to say...
>
> Remember guys, there's a LOT of IP blocks out there that are almost
> definitely not going to be somewhere you expect to receive SIP traffic
> from.
>
> Where are you located? Where do your road warriors usually travel? Start
> by blocking countries that are not going to be expected to send traffic
> 98% of the time. When I first started out as a consultant, I helped get
> a certain U.S. ITSP up and running, and we reduced fraud and hack
> attempts DRASTICALLY simply by blocking most of the countries that are
> pretty much known for the prolific numbers of hackers. Sure, we had
> like, 2 customers call in to say they had traveled abroad (or sent their
> device to a family/friend abroad) and couldn't get their device to
> register. But seriously, it was rare.
>
> Either way, just a suggestion
>
> --
> Sherwood McGowan <sherwood.mcgowan at gmail.com>
> Carrier, ITSP, Call Center, and PBX Solutions Consultant

First step should be on the AS level.  If you do not have access to
advertised networks then use http://www.spamhaus.org/drop/ "The
Spamhaus Don't Route Or Peer List" and the script in the FAQ.

-- 
~~~ Andrew "lathama" Latham lathama at gmail.com ~~~



More information about the asterisk-users mailing list