My main point was to block SIP Anonymous calls and not give the impression that there is a SIP server. As for as REGISTER goes, I am not sure how it's dealt in Asterisk and probably some work around can be found using IPTABLES again to not respond to REGISTER requests as well if they are not authenticated.<div>
<br></div><div>Thanks for bringing OSSEC up, I will explore it.</div><div><br></div><div>- Bruce <br><br><div class="gmail_quote">On Mon, Jul 25, 2011 at 11:02 AM, Paul Hayes <span dir="ltr"><<a href="mailto:paul@provu.co.uk">paul@provu.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On 23/07/11 04:48, Bruce B wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Quote,/"How do the users register to begin with, if their REGISTER<br>
requests won't be processed unless their IP is already known to be a<br>
registrant? :-)"/<br>
<br>
Well, unfortunately I don't have the luxury of knowing their IP and the<br>
closest I know is their IP range.<br>
<br>
</blockquote>
<br></div>
Then I don't understand what the point would be. You'll have to leave Asterisk responding to all Register requests (and to be fair all the attacks I've seen have been done by sending Register requests anyway).<br>
<br>
I use OSSEC on my Asterisk systems to handle iptables rule generation on the fly. You could write your own rule(s) for that to block source IP addresses sending you Invites when they aren't Registered.<br>
<br>
cheers,<br><font color="#888888">
Paul.</font><div><div></div><div class="h5"><br>
<br>
--<br>
______________________________<u></u>______________________________<u></u>_________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/<u></u>mailman/listinfo/asterisk-<u></u>users</a><br>
</div></div></blockquote></div><br></div>