Thanks all. I appreciate your support a lot. Your suggestions helped make a game plan finally. Otherwise i was just shooting in the dark before. Anyways here is what I am going to do now.<br><br>install a better firewall, possibly the one mentioned by mr j stapleton and tighten its security settings. use IP tables in conjunction with the firewall. use something like <a href="http://etel.wiki.oreilly.com/wiki/index.php/Asterisk_Brute_Force_Prevention">this</a> to prevent bruteforce attacks. making changes in asterisk sip peer setting to make it as tight as I can security wise without affecting the service we provide. Provisioning the remote end user ata to make it accept sip messages coming from only the proxy (i'll se what else i can do with them). and keep looking for an even better solution to this problem.<br>
<br>Thanks a lot again.<br><br>Cheers<br><br><div class="gmail_quote">On Mon, Feb 28, 2011 at 11:16 PM, satish patel <span dir="ltr"><<a href="mailto:satish_lx@hotmail.com">satish_lx@hotmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
It could be possible they are not scanning your asterisk server. They are just scanning 5060 and in this case your ATA caught by scan directly that why you don't have any logs on server side. Don't you have any setting in ATA to specify allowed IP address ? <br>
<br>-Satish <br><br><hr>From: <a href="mailto:jstapleton@computer-business.com" target="_blank">jstapleton@computer-business.com</a><br>To: <a href="mailto:asterisk-users@lists.digium.com" target="_blank">asterisk-users@lists.digium.com</a><br>
Date: Mon, 28 Feb 2011 10:27:33 -0500<div><div></div><div class="h5"><br>Subject: Re: [asterisk-users] asterisk security....again<br><br>
<div><p><span style="font-size: 11pt; color: rgb(31, 73, 125);"><a href="http://sipera.com/" target="_blank">http://sipera.com/</a> is one such product.</span></p><p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0in 0in;"><p><b><span style="font-size: 10pt;">From:</span></b><span style="font-size: 10pt;"> <a href="mailto:asterisk-users-bounces@lists.digium.com" target="_blank">asterisk-users-bounces@lists.digium.com</a> [mailto:<a href="mailto:asterisk-users-bounces@lists.digium.com" target="_blank">asterisk-users-bounces@lists.digium.com</a>] <b>On Behalf Of </b>Rizwan Hisham<br>
<b>Sent:</b> Monday, February 28, 2011 9:33 AM<br><b>To:</b> Asterisk Users Mailing List - Non-Commercial Discussion<br><b>Subject:</b> Re: [asterisk-users] asterisk security....again</span></p></div><p> </p><p style="margin-bottom: 12pt;">
Thanks Mr. Kevin. <br><br>Can anyone please also tell me which firewall is best suited for asterisk/sip attack prevention. Is there any firewall built specially to address sip security problems?</p><div><p>On Mon, Feb 28, 2011 at 6:38 PM, Kevin P. Fleming <<a href="mailto:kpfleming@digium.com" target="_blank">kpfleming@digium.com</a>> wrote:</p>
<div><p>On 02/28/2011 07:27 AM, Rizwan Hisham wrote:</p><p>Any suggestions on encrypting the sip and rtp. I have done some googling<br>on it. looks like it is not supported by most end point devices or<br>service providers. But still your thoughts will be appreciated on this<br>
subject.</p><p> </p></div><p>You cannot protect a remote SIP endpoint from attacks via your server; that SIP endpoint is an endpoint itself, and if it can receive IP packets from attackers, it will process them. These packets don't go through your server, and encrypting the legitimate traffic between your server and the remote endpoint isn't going to make any difference at all.<br>
<br>The *only* way to address attacks like this is to modify the configuration of the remote endpoint to ignore all incoming packets that aren't from your server(s). Even that is not a perfect solution, though, because the attacker (if they are actually aware of your server and customers) can spoof the IP addresses of your server(s) in order to get the remote endpoints to at least accept an INVITE (they can't place a successful call through them using spoofing though).<br>
<span style="color: rgb(136, 136, 136);"><br>-- <br>Kevin P. Fleming<br>Digium, Inc. | Director of Software Technologies<br>445 Jan Davis Drive NW - Huntsville, AL 35806 - USA<br>skype: kpfleming | jabber: <a href="mailto:kfleming@digium.com" target="_blank">kfleming@digium.com</a><br>
Check us out at <a href="http://www.digium.com" target="_blank">www.digium.com</a> & <a href="http://www.asterisk.org" target="_blank">www.asterisk.org</a></span></p><div><div><p><br><br>--<br>_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>New to Asterisk? Join us for a live introductory webinar every Thurs:<br> <a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>asterisk-users mailing list<br>To UNSUBSCRIBE or update options visit:<br> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a></p>
</div></div></div><p><br><br clear="all"><br>-- <span style="color: rgb(136, 136, 136);"></span></p><div><p><span style="color: rgb(136, 136, 136);">Best Ragards</span></p></div><div><p><span style="color: rgb(136, 136, 136);">Rizwan Qureshi</span></p>
</div><div><p><span style="color: rgb(136, 136, 136);">VoIP/Asterisk Engineer</span></p></div><div><p><span style="color: rgb(136, 136, 136);">Axvoice Inc.</span></p></div><div><p><span style="color: rgb(136, 136, 136);">V: +92 (0) 3333 6767 26</span></p>
</div><div><p><span style="color: rgb(136, 136, 136);">E: <a href="mailto:rizwanhasham@gmail.com" target="_blank">rizwanhasham@gmail.com</a></span></p></div><div><p><span style="color: rgb(136, 136, 136);">W: <a href="http://www.axvoice.com/" target="_blank">www.axvoice.com</a></span></p>
</div><p> </p></div><br></div></div>--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --
New to Asterisk? Join us for a live introductory webinar every Thurs:
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a>
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a> </div>
<br>--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></div><br><br clear="all"><br>-- <br><font color="#888888"><div>
Best Ragards</div><div>Rizwan Qureshi</div><div>VoIP/Asterisk Engineer</div><div>Axvoice Inc.</div>
<div>V: +92 (0) 3333 6767 26</div><div>E: <a href="mailto:rizwanhasham@gmail.com" target="_blank">rizwanhasham@gmail.com</a></div><div>W: <a href="http://www.axvoice.com/" target="_blank">www.axvoice.com</a></div></font><br>