[asterisk-users] stopping unwanted attempts
Steve Edwards
asterisk.org at sedwards.com
Sat Jan 18 16:59:02 CST 2014
On Sat, 18 Jan 2014, Jerry Geis wrote:
> I see MANY of these in my log files:
>
> [Jan 15 03:06:12] NOTICE[14129] chan_sip.c: Registration from '"202" <sip:202 at X:5060>' failed for '37.8.12.147:26832' - Wrong password
>
> What is the "correct" way to block these idiots so they
> don't even get this far.
Use iptables to allow packets from your legitimate users, block everybody
else.
If you are dealing with a mobile user base or an extensive geographic
area, at least block the countries where you do not expect traffic --
North Korea, China, xxxistan, etc.
Drop these at the front door (90% of the problem) and use fail2ban to pick
off the rest.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
More information about the asterisk-users
mailing list