[asterisk-users] stopping unwanted attempts

[Billy Chia]

>
>
> I see MANY of these in my log files:
>
>
> [Jan 15 03:06:12] NOTICE[14129] chan_sip.c: Registration from '"202"
> <sip:202 at X:5060>' failed for '37.8.12.147:26832' - Wrong password
> [Jan 15 03:06:19] NOTICE[14129] chan_sip.c: Registration from '"5001"
> <sip:5001 at X:5060>' failed for '37.8.12.147:21268' - Wrong password
> [Jan 15 03:06:23] NOTICE[14129] chan_sip.c: Registration from '"30"
> <sip:30 at X:5060>' failed for '37.8.12.147:21270' - Wrong password
> [Jan 15 03:06:48] NOTICE[14129] chan_sip.c: Registration from '"70"
> <sip:70 at X:5060>' failed for '37.8.12.147:21328' - Wrong password
> [Jan 15 03:06:50] NOTICE[14129][C-00000085] chan_sip.c: Call from '' (
> 8.33.7.110:5103) to extension '889011972592735467' rejected because
> extension not found in context 'default'.
> [Jan 15 03:06:56] NOTICE[14129] chan_sip.c: Registration from '"4"
> <sip:4 at X:5060>'
> failed for '37.8.12.147:21272' - Wrong password
> [Jan 15 03:07:11] NOTICE[14129] chan_sip.c: Registration from '"12001"
> <sip:12001 at X:5060>' failed for '37.8.12.147:5060' - Wrong password
> [Jan 15 03:34:02] NOTICE[14129][C-00000086] chan_sip.c: Call from '' (
> 172.246.236.90:5078) to extension '8889011972595301123' rejected because
> extension not found in context 'default'.
>
> What is the "correct" way to block these idiots so they
> don't even get this far.
>
> Thanks,
>
> Jerry


At this past year's AstriCon there was a series of security talks that
covered fail2ban and best practices. You can view the playlist of videos on
YouTube. The content should be helpful for you:

https://www.youtube.com/playlist?list=PLighc-2vlRgT3DhE9DkIgSmpUX6v2AtYo

Links to the playlists are also on asterisk.org:
http://www.asterisk.org/community/astricon-user-conference/video-archive

Cheers,
Billy Chia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140120/e62caf18/attachment.html>