[asterisk-users] Asterisk secure fine tune - stop attack
asterisk at lists.minotaur.cc
Thu Sep 4 11:26:43 CDT 2014
On 4/9/14 4:58 pm, Eric Wieling wrote:
> If we don't need to allow access from outside the USA we block access from all non-ARIN IP addresses by using iptables. This takes care of at least 80% of attacks.
Likewise here (though RIPE rather than ARIN, since we're the other side
of the pond).
You can also take it a bit further: if, for example, you know what
ISP(s) your dynamic clients are using, you can limit connections to the
IP ranges those ISP(s) use - look up their ranges on he.net's BGP
looking glass if you need to find out what ranges they're using.
Another thing I've been playing with of late is using iptables' string
matching functionality to block user agents of known attack vectors:
'sipcli', 'sipvicious', 'friendly-scanner', etc.
This seems to work remarkably well, though what impact it has on net
performance under load remains to be seen.
This email is made from 100% recycled electrons
More information about the asterisk-users