<span id="result_box" class="long_text"><span>Good afternoon.
<br>
<br></span><span>Thanks to everyone for the
answers.
</span><span>What I find strange is
that Asterisk does not have any tool native to it for SIP server
security.
</span><span>Here's an example of the
syslog messages from Asterisk:
<br>
<br></span><span style="background-color: rgb(255, 255, 255);">[Jun 15 03:05:46] NOTICE[25284] chan_sip.c: Registration from '"213" <sip:213@my_extern_ip>' failed for '116.124.128.82' - Wrong password
<br></span><span style="background-color: rgb(255, 255, 255);">[Jun 15 03:05:46] NOTICE[25284] chan_sip.c: Registration from '"213" <sip:213@my_extern_ip>' failed for '116.124.128.82' - Wrong password
<br></span><span style="background-color: rgb(255, 255, 255);">[Jun 15 03:05:46] NOTICE[25284] chan_sip.c: Registration from '"213" <sip:213@my_extern_ip>' failed for '116.124.128.82' - Wrong password
<br></span><span style="background-color: rgb(255, 255, 255);">[Jun 15 03:05:46] NOTICE[25284] chan_sip.c: Registration from '"213" <sip:213@my_extern_ip>' failed for '116.124.128.82' - Wrong password
<br></span><span style="background-color: rgb(255, 255, 255);">[Jun 15 03:05:46] NOTICE[25284] chan_sip.c: Registration from '"213" <sip:213@my_extern_ip>' failed for '116.124.128.82' - Wrong password
<br></span><span style="background-color: rgb(255, 255, 255);">[Jun 15 03:05:46] NOTICE[25284] chan_sip.c: Registration from '"213" <sip:213@my_extern_ip>' failed for '116.124.128.82' - Wrong password
<br></span><span style="background-color: rgb(255, 255, 255);">[Jun 15 03:05:46] NOTICE[25284] chan_sip.c: Registration from '"213" <sip:213@my_extern_ip>' failed for '116.124.128.82' - Wrong password
<br></span><span style="background-color: rgb(255, 255, 255);">[Jun 15 03:05:46] NOTICE[25284] chan_sip.c: Registration from '"213" <sip:213@my_extern_ip>' failed for '116.124.128.82' - Wrong password
<br>
<br>
</span><span style="background-color: rgb(255, 255, 255);">From what I counted, there are
around twenty thousand of these records in one hour. </span><span>And at least once a week I
receive such an attack coming from a different IP.
</span></span><br><br><span id="result_box" class="short_text"><span style="" title="">I will
read the articles. </span><span title="">Thanks again to everyone.<br><br><br></span><span title="">Regards,<br></span><span title="">Rodrigo Lang.<br><br></span></span><br><div class="gmail_quote">2010/6/29 Kenny Watson <span dir="ltr"><<a href="mailto:kwatson@geniusgroupltd.com">kwatson@geniusgroupltd.com</a>></span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Hi, you can use fail2ban <a href="http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk" target="_blank">http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk</a><br>
<br>
Which works well: when a pattern is found in a log file, it adds an iptables rule to block the traffic for a period.<br>
<br>
On Debian you can apt-get install fail2ban and on CentOS/Red Hat yum install fail2ban<br>
<br>
Thanks<br>
<font color="#888888"><br>
Kenny<br>
</font><div><div></div><div class="h5"><br>
----- Original Message -----<br>
From: "Gareth Blades" <<a href="mailto:list-asterisk@skycomuk.com">list-asterisk@skycomuk.com</a>><br>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" <<a href="mailto:asterisk-users@lists.digium.com">asterisk-users@lists.digium.com</a>><br>
Sent: Tuesday, 29 June, 2010 4:12:42 PM<br>
Subject: Re: [asterisk-users] Find a way to block brute force attacks.<br>
<br>
Rodrigo Lang wrote:<br>
> Hello list.<br>
><br>
> I'm trying to find a way to block any IP that tries to log in more than<br>
> three times with the wrong password and tries to log in to three different<br>
> extensions, because I have suffered some brute force attacks on my Asterisk<br>
> in the morning period.<br>
><br>
> The idea would be: Any ip with three attempts without success to log<br>
> into an extension is blocked.<br>
><br>
> Is there any way to accomplish this directly in Asterisk? Or is<br>
> there some way for Asterisk to spit out this information via the AMI?<br>
><br>
> I was thinking of making a Java program to listen to the AMI and create a<br>
> rule in iptables for the specific IP.<br>
><br>
> Does anyone have any suggestions?<br>
><br>
><br>
> Thanks,<br>
> Rodrigo Lang.<br>
><br>
Does asterisk log the failed attempts to a file?<br>
If so then you could use sshblack to monitor the file for incorrect<br>
logins. It will add firewall rules to a custom iptables chain based on<br>
various criteria. You can then point incoming SIP connections through<br>
this chain so offenders will be firewalled for a specific amount of time.<br>
<a href="http://www.pettingers.org/code/sshblack.html" target="_blank">http://www.pettingers.org/code/sshblack.html</a><br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
<br>
</div></div></blockquote></div><br>
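The detection step behind the log-watching approach suggested in this thread (fail2ban, sshblack), as an added example that is not part of the original messages and is not code from either tool: it parses chan_sip failed-registration notices in the format quoted above and reports source IPs that reach three failures inside a sliding window. The function names, the 10-minute window, the default year and the sample lines (documentation addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failed-registration notice in the format quoted in the message above.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<sender>.*)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$")
EXTENSION = re.compile(r"sip:([^@>;]+)@")

def parse_line(line, year=2010):
    """Return (timestamp, ip, extension) or None; the log line carries no year."""
    m = FAILED_REG.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    ext = EXTENSION.search(m["sender"])
    return ts, m["ip"], ext.group(1) if ext else "unknown"

def offenders(lines, max_failures=3, window=timedelta(minutes=10)):
    """Map each IP reaching max_failures failures within window to the extensions it tried."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    tried = defaultdict(set)      # ip -> extensions seen in failed attempts
    flagged = {}
    for ts, ip, ext in filter(None, map(parse_line, lines)):  # skips unrelated lines
        recent[ip].append(ts)
        while ts - recent[ip][0] > window:
            recent[ip].popleft()  # forget failures older than the window
        tried[ip].add(ext)
        if len(recent[ip]) >= max_failures:
            flagged[ip] = sorted(tried[ip])
    return flagged

def sample_line(ts, ext, ip):  # builds one constructed log line
    return (f"[{ts}] NOTICE[25284] chan_sip.c: Registration from "
            f"'\"{ext}\" <sip:{ext}@192.0.2.10>' failed for '{ip}' - Wrong password")

# Constructed sample log: a burst from one address, then three hourly typos from another.
SAMPLE = [
    sample_line("Jun 15 03:05:46", "213", "203.0.113.7"),
    sample_line("Jun 15 03:05:46", "214", "203.0.113.7"),
    "[Jun 15 03:05:47] NOTICE[25284] chan_sip.c: unrelated notice",
    sample_line("Jun 15 03:05:47", "215", "203.0.113.7"),
    sample_line("Jun 15 08:00:00", "101", "198.51.100.20"),
    sample_line("Jun 15 09:00:00", "101", "198.51.100.20"),
    sample_line("Jun 15 10:00:00", "101", "198.51.100.20"),
]
```

Calling `offenders(SAMPLE)` flags only the burst source; the addresses it returns are the candidates for the time-limited iptables rule that fail2ban adds automatically.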