[asterisk-users] Am I being hacked?
Patrick Lists
asterisk-list at puzzled.xs4all.nl
Mon Aug 19 14:22:01 CDT 2013
On 08/19/2013 08:55 PM, Steve Edwards wrote:
> On Mon, 19 Aug 2013, Ira wrote:
>
>> >> [2013-08-18 05:56:29] NOTICE[17089][C-000000a8] chan_sip.c:
>> >> Failed to authenticate device
>> 390<sip:390 at xx.xx.xxx.xxx>;tag=2762c06e
>>
>> xx.xx.xxx.xxx is my public I.P.
>
> What kind of filtering are you doing? Iptables?
>
> Rather than playing 'wack-a-mole' with hackers, my first line of defense
> is to 'white-list' just the few legitimate connections between my
> clients and their SIP providers.
>
> If your situation requires remote and mobile access, can you at least
> 'black-list' certain countries with a propensity for hacking? Do you
> need access from China, North Korea, Iran, etc?
>
> You can eliminate a very large percentage of hacking attempts with just
> a few rules. Then you can focus better on the remaining threats.
Agree. The ip blocks from ipdeny.com come in handy either blocking
countries that have no business accessing your Asterisk box or
whitelisting countries/ip ranges that do.
Regards,
Patrick
More information about the asterisk-users
mailing list