[asterisk-users] RES: Auto ban IP addresses

Leandro Dardini ldardini at gmail.com
Thu Jan 3 02:42:23 CST 2013


I am using fail2ban on all my asterisk server, but beware, fail2ban can be
a dangerous software. The problem rely on the fact that SIP uses UDP, so it
is possible to send messages with a forged source IP address. This way the
bad guy out there can "ban" all your IP addresses. I say "it is possible"
without having investigated in deep details what is really needed to do.

Leandro

2013/1/3 Éder <eder at openminds.com.br>

> Howto fail2ban in asterisk
>
>
> http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk
>
>
>
> -----Mensagem original-----
> De: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] Em nome de Frank
> Enviada em: quarta-feira, 2 de janeiro de 2013 20:50
> Para: Asterisk Users Mailing List - Non-Commercial Discussion
> Assunto: [asterisk-users] Auto ban IP addresses
>
> Greetings all,
>
> I have been seeing a lot of
>
> [Jan  2 16:36:31] NOTICE[7519]: chan_sip.c:23149 handle_request_invite:
> Sending fake auth rejection for device
> 100<sip:100 at 108.161.145.18>;tag=2e921697
>
> in my logs lately. Is there a way to automatically ban IP address from
> attackers within asterisk ?
>
>
> Thank you
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20130103/c28c6bc9/attachment.htm>


More information about the asterisk-users mailing list