[asterisk-users] Asterisk secure fine tune - stop attack
motty.cruz at gmail.com
Thu Sep 4 11:32:36 CDT 2014
Thank you all for your support, your suggestions are welcome.
On Thu, Sep 4, 2014 at 9:26 AM, Chris Bagnall <asterisk at lists.minotaur.cc>
> On 4/9/14 4:58 pm, Eric Wieling wrote:
>> If we don't need to allow access from outside the USA we block access
>> from all non-ARIN IP addresses by using iptables. This takes care of at
>> least 80% of attacks.
> Likewise here (though RIPE rather than ARIN, since we're the other side of
> the pond).
> You can also take it a bit further: if, for example, you know what ISP(s)
> your dynamic clients are using, you can limit connections to the IP ranges
> those ISP(s) use - look up their ranges on he.net's BGP looking glass if
> you need to find out what ranges they're using.
> Another thing I've been playing with of late is using iptables' string
> matching functionality to block user agents of known attack vectors:
> 'sipcli', 'sipvicious', 'friendly-scanner', etc.
> This seems to work remarkably well, though what impact it has on net
> performance under load remains to be seen.
> Kind regards,
> This email is made from 100% recycled electrons
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the asterisk-users