[asterisk-users] Attack on Sip server.

Prakash N prakash.n at tevatel.com
Fri Jun 27 09:46:04 CDT 2014


  Hi,

Install fail2ban and change the SIP listen port to avoid the attack.

With regards

N.Prakash
 ------------------------------
From: Anurag Rana <anuragrana31189 at gmail.com>
Sent: 27-06-2014 08:07 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
<asterisk-users at lists.digium.com>
Subject: [asterisk-users] Attack on Sip server.


Hi All.

Someone is attacking my SIP server.
There are a lot of requests coming in and I am not able to stop them because I
am unable to detect the IP address.
I used wireshark to capture the packets.

Although I am using very strong passwords for my SIP users, is there
still any way to drop these packets and stop this attack?

I tried dropping packets after matching some string (most of the packets
from the attacker contain the string 'VaxSIPUserAgent/3.1') but it failed.
Packets are still flowing in.

iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm -j DROP


It's something like this:

Registration from '"30" <sp:30 at my_public_ip:5060> failed for
'192.168.xxx.xxx:6373' - Wrong Password

and there are approx. 10 requests per minute of this type.

Please suggest some way to stop this.


-- 
Anurag Rana
http://newbie42.blogspot.in/
On the trampoline of life's experiences, Striving towards a saintly life in
the midst of these materialistic turbulences.
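
The failed-registration notice quoted in the original message already carries the source address, and that is the line a fail2ban-style filter keys on. The following is an added example, not part of the thread and not fail2ban's own code: it counts failures per address in a sliding window. The timestamp layout, the sample addresses and the thresholds (`max_retry`, `find_time`) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines modelled on the notice quoted in the thread;
# timestamps, extensions and addresses (RFC 5737 ranges) are made up.
SAMPLE_LOG = """\
[2014-06-27 09:40:01] NOTICE[1234] chan_sip.c: Registration from '"30" <sip:30@203.0.113.10:5060>' failed for '198.51.100.7:6373' - Wrong password
[2014-06-27 09:40:07] NOTICE[1234] chan_sip.c: Registration from '"31" <sip:31@203.0.113.10:5060>' failed for '198.51.100.7:6373' - Wrong password
[2014-06-27 09:40:09] VERBOSE[1234] chan_sip.c: Registered SIP '40' at 192.0.2.44:5060
[2014-06-27 09:40:13] NOTICE[1234] chan_sip.c: Registration from '"32" <sip:32@203.0.113.10:5060>' failed for '198.51.100.7:6374' - Wrong password
[2014-06-27 09:41:00] NOTICE[1234] chan_sip.c: Registration from '"40" <sip:40@203.0.113.10:5060>' failed for '192.0.2.50:5060' - Wrong password
[2014-06-27 09:58:00] NOTICE[1234] chan_sip.c: Registration from '"40" <sip:40@203.0.113.10:5060>' failed for '192.0.2.50:5060' - Wrong password
[2014-06-27 10:15:00] NOTICE[1234] chan_sip.c: Registration from '"40" <sip:40@203.0.113.10:5060>' failed for '192.0.2.50:5060' - Wrong password
"""

# Timestamp, then the peer address inside "failed for '<ip>:<port>'".
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\].*"
    r"Registration from '.*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached max_retry within find_time}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue              # successful registrations, other modules
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry and ip not in flagged:
            flagged[ip] = ts      # candidate for a firewall drop rule
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when}")
```

Because the key is the peer address rather than the source port or the extension being guessed, the count is not reset when the client changes either of them between attempts.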