[asterisk-users] Asterisk secure fine tune - stop attack

Chris Bagnall asterisk at lists.minotaur.cc
Thu Sep 4 11:26:43 CDT 2014

On 4/9/14 4:58 pm, Eric Wieling wrote:
> If we don't need to allow access from outside the USA we block access from all non-ARIN IP addresses by using iptables.   This takes care of at least 80% of attacks.

Likewise here (though RIPE rather than ARIN, since we're the other side 
of the pond).

You can also take it a bit further: if, for example, you know what 
ISP(s) your dynamic clients are using, you can limit connections to the 
IP ranges those ISP(s) use - look up their ranges on he.net's BGP 
looking glass if you need to find out what ranges they're using.

Another thing I've been playing with of late is using iptables' string 
matching functionality to block user agents of known attack vectors: 
'sipcli', 'sipvicious', 'friendly-scanner', etc.

This seems to work remarkably well, though what impact it has on net 
performance under load remains to be seen.

Kind regards,

This email is made from 100% recycled electrons

More information about the asterisk-users mailing list