[asterisk-users] Attack on Sip server.
andrew at vsave.co.za
Fri Jun 27 11:15:30 CDT 2014
Block the IP?
You should only enable SIP for your specific clients in iptables.
-------- Original message --------
From: arun kumar <arunvsadnikov at gmail.com>
Date: 27/06/2014 4:42 PM (GMT+02:00)
To: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users at lists.digium.com>
Subject: Re: [asterisk-users] Attack on Sip server.
Change the protocol from tcp to udp in iptables.
On 27 Jun 2014 20:07, "Anurag Rana" <anuragrana31189 at gmail.com> wrote:
Someone is attacking my SIP server.
There are a lot of requests coming in and I am not able to stop them because I am unable to detect the IP address.
I used Wireshark to capture the packets.
Although I am using a very strong password for my SIP users, is there still any way to drop these packets and stop this attack?
I tried dropping packets after matching some string (most of the packets from the attacker contain the string 'VaxSIPUserAgent/3.1') but it failed. Packets are still flowing in.
iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm -j DROP
It's something like this:
Registration from '"30" <sp:30 at my_public_ip:5060> failed for '192.168.xxx.xxx:6373' - Wrong Password
and there are approx. 10 requests per minute of this type.
Please suggest some way to stop this.
On the trampoline of life's experiences, Striving towards a saintly life in the midst of these materialistic turbulences.
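
The "failed for" field of the log message quoted in this thread carries the source address of each rejected registration, so the offending hosts can be counted from the Asterisk log and turned into per-source DROP rules. The following is an added example, not code from any poster in the thread; the log lines are constructed in the shape of the quoted message, and the function names, threshold, allow list and the use of UDP port 5060 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines shaped like the message quoted in the thread.
# All addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
[2014-06-27 16:40:01] NOTICE[2101]: Registration from '"30" <sip:30@203.0.113.10:5060>' failed for '198.51.100.7:6373' - Wrong Password
[2014-06-27 16:40:07] NOTICE[2101]: Registration from '"31" <sip:31@203.0.113.10:5060>' failed for '198.51.100.7:6374' - Wrong Password
[2014-06-27 16:40:13] NOTICE[2101]: Registration from '"32" <sip:32@203.0.113.10:5060>' failed for '198.51.100.7:6375' - Wrong Password
[2014-06-27 16:41:02] NOTICE[2101]: Registration from '"100" <sip:100@203.0.113.10:5060>' failed for '192.0.2.44:5060' - Wrong Password
[2014-06-27 16:41:30] NOTICE[2101]: Registration from '"30" <sip:30@203.0.113.10:5060>' failed for '198.51.100.7:6376' - Wrong Password
"""

# The source address is the quoted 'ip:port' that follows "failed for".
FAILED_REG = re.compile(
    r"Registration from '(?P<who>.*?)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)' - Wrong password",
    re.IGNORECASE,
)

def failed_sources(log_text):
    """Count failed registration attempts per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED_REG.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits

def drop_rules(hits, threshold=3, allow=()):
    """Build one iptables DROP rule per source at or above the threshold.

    `allow` lists known client addresses that must never be blocked.
    Assumes SIP signalling arrives on UDP port 5060.
    """
    rules = []
    for ip, count in sorted(hits.items()):
        if count >= threshold and ip not in allow:
            rules.append(f"iptables -I INPUT -s {ip} -p udp --dport 5060 -j DROP")
    return rules

if __name__ == "__main__":
    counts = failed_sources(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{n:4d} failed registrations from {ip}")
    print("\n".join(drop_rules(counts)))
```

The generated rules are printed rather than applied, so they can be reviewed against the list of legitimate client addresses before being loaded.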