[asterisk-users] Attack on Sip server.
prakash.n at tevatel.com
Fri Jun 27 11:02:17 CDT 2014
In sip.conf change listen port 5060 to some other number like 7242 any
number ,then restart asterisk . Register sip phone with listen port (7242)
From: Anurag Rana <anuragrana31189 at gmail.com>
Sent: 27-06-2014 08:19 PM
To: Prakash N <prakash.n at tevatel.com>
Cc: Asterisk Users Mailing List - Non-Commercial Discussion
<asterisk-users at lists.digium.com>
Subject: Re: [asterisk-users] Attack on Sip server.
I added bot rules TCP as well as UDP. Still not working.
How changing SIP listen port will prevent it. Please explain.
I will try fail2band.
On Fri, Jun 27, 2014 at 8:16 PM, Prakash N <prakash.n at tevatel.com> wrote:
> Install fail2band and change sip listen port to avoid attack
> With regards
> From: Anurag Rana <anuragrana31189 at gmail.com>
> Sent: 27-06-2014 08:07 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> <asterisk-users at lists.digium.com>
> Subject: [asterisk-users] Attack on Sip server.
> Hi All.
> Someone is attacking on my SIP server.
> There are lot of requests coming in and I am not able to stop it because I
> am unable to detect the IP address.
> I used wireshark to capture the packets.
> Although I am using very strong password for my SIP users but still is
> there any way to drop these packets and stop this attack.
> I tried dropping packet after matching some string (most of the packets
> from attacker contains string 'VaxSIPUserAgent/3.1' ) but it failed.
> Packets are still flowing in.
> iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm -j DROP
> Its something like this
> Registration from '"30" <sp:30 at my_public_ip:5060> failed for
> '192.168.xxx.xxx:6373' - Wrong Password
> and there are approx 10 request per minute of this type.
> Please suggest some way to stop this.
> Anurag Rana
> On the trampoline of life's experiences, Striving towards a saintly life
> in the midst of these materialistic turbulences.
On the trampoline of life's experiences, Striving towards a saintly life in
the midst of these materialistic turbulences.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the asterisk-users