[asterisk-users] Am I being hacked?
Ira
ira at extrasensory.com
Mon Aug 19 16:58:49 CDT 2013
Hello Steve,
Monday, August 19, 2013, 11:55:54 AM, you wrote:
>> >> [2013-08-18 05:56:29] NOTICE[17089][C-000000a8] chan_sip.c:
>> >> Failed to authenticate device 390<sip:390 at xx.xx.xxx.xxx>;tag=2762c06e
>>
>> xx.xx.xxx.xxx is my public I.P.
> What kind of filtering are you doing? Iptables?
> Rather than playing 'wack-a-mole' with hackers, my first line of defense
> is to 'white-list' just the few legitimate connections between my clients
> and their SIP providers.
I have blocked almost all the IPs except the very few I care about. I'm not that good at iptables, but I did block at least
I guess I need to change it to something like:
Allow x
alloy y
allow z
allow local
block all
One of my concerns was what happens if my provider hands off the RTP stream to a blocked address? It's a small Atom box with 6 phones, 6 or 8 numbers and two users. it's behind NAT and the internet is Time Warner Cable.
Long ago I changed all my extensions to non numeric 40 character or so things with similar passwords. The only weak spot might be the connections to my brother-in-law's TrixBox box across the country and that's because he doesn't believe in secure passwords. I've tried, but it's just not worth the effort.
-- Ira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20130819/4ade4108/attachment.htm>
More information about the asterisk-users
mailing list