[asterisk-biz] 87.230.80.186

Calleasy BsAS sisint2005 at hotmail.com
Mon Jun 28 00:23:09 CDT 2010


Dear Brett,

 

Many thanks for your comment.

 

Any method that reads logs to detect a failed auth may be suitable; fail2ban does this, or just reading the files from the logs directory (register and messages files) to know if there were any refused attempts and then block the source IP.

With any script that works on this, the IP from which the attempts come could be found.

 

 

cat /etc/asterisk/messages | grep Reg | grep @my.domain

or

cat /etc/asterisk/messages | grep Reg | grep my.ip.add.res

 

Processing it, the IP could be added to the iptables rules to block it...

In this process, as always, we must first choose the path to follow, from the two possible ones to implement.

 

1) Closed networks: deny all, enable some hosts to connect. Simple, not flexible, not suitable for continuously changing networks.

2) Open networks: accept all; we must detect intrusions + attacks and deny every IP for any attack detected or not trusted. Needs much intelligence, resources and effort to identify and block anything that seems dangerous.

 

 

  

This brief comment was aimed at helping some guys who were trying to get some iptables conf working to avoid undesired connections.

 

in short:

 

YES... public DDNS have some delay in refreshing the cache. There is no doubt about that.
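
The log-to-iptables step described in the message above, as an added example that is not part of the original post. It assumes the chan_sip "Registration from ... failed for" NOTICE format; the function names, the threshold, the allowlist and the sample lines are constructed for illustration, and the rules are printed for review rather than applied.

```shell
#!/bin/sh
# Constructed sample input; all addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
[2010-06-28 00:10:01] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@my.domain>' failed for '203.0.113.7' - Wrong password
[2010-06-28 00:10:02] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@my.domain>' failed for '203.0.113.7' - No matching peer found
[2010-06-28 00:10:03] NOTICE[2101] chan_sip.c: Registration from '"103" <sip:103@my.domain>' failed for '203.0.113.7:5071' - Wrong password
[2010-06-28 00:11:40] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@my.domain>' failed for '198.51.100.20' - Wrong password
[2010-06-28 00:12:00] VERBOSE[2101] chan_sip.c: -- Registered SIP '200' at 198.51.100.20 port 5060
[2010-06-28 00:13:10] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@my.domain>' failed for '192.0.2.10' - Wrong password
[2010-06-28 00:13:11] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@my.domain>' failed for '192.0.2.10' - Wrong password
[2010-06-28 00:13:12] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@my.domain>' failed for '192.0.2.10' - Wrong password
EOF
}

# Read log lines on stdin; print "count ip" for every source with at least
# $1 failed registrations, skipping addresses in the space-separated list $2.
failed_sources() {
    threshold=$1 allow=$2
    # Take the address Asterisk appends at the end of the line (optional
    # :port dropped), never text from the sender-supplied From header.
    sed -n "s/.*Registration from .* failed for '\([0-9.]*\)[:0-9]*' - [^']*\$/\1/p" |
    sort | uniq -c |
    while read -r count ip; do
        # Trusted hosts (e.g. an office where someone mistyped a password)
        case " $allow " in *" $ip "*) continue ;; esac
        if [ "$count" -ge "$threshold" ]; then
            echo "$count $ip"
        fi
    done
}

# Turn "count ip" lines into iptables commands; printed, not executed.
block_rules() {
    while read -r count ip; do
        echo "iptables -I INPUT -s $ip -p udp --dport 5060 -j DROP"
    done
}

# Stand-alone run on the sample: threshold 3, one allowlisted address.
sample_log | failed_sources 3 "192.0.2.10" | block_rules
```

On a live system the input would be the Asterisk messages log instead of `sample_log`, and the single failure from 198.51.100.20 stays below the threshold.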

 

 


