[asterisk-users] Brute force attacks
A J Stiles
asterisk_list at earthshod.co.uk
Fri Jul 2 12:25:05 CDT 2010
On Friday 02 Jul 2010, Tim Nelson wrote:
> ----- "A J Stiles" <asterisk_list at earthshod.co.uk> wrote:
> > On Friday 02 Jul 2010, Ira wrote:
> > > At 11:14 PM 7/1/2010, you wrote:
> > > >Same activity from these IPs:
> > > >174.129.137.135
> > >
> > > Given that my Asterisk box is used for nothing but Asterisk and I
> > > know the small number of IPs that need to have access is there an
> > > easy way to use iptables to block everything but those 6 IPs and
> > > provider addresses?
> >
> > Yes, dead easy! Just configure iptables to accept IAX traffic (TCP and UDP
> > port 4569) only from trusted IP addresses, and drop it from anywhere else.
> > [ stuff omitted ]
>
> IAX is UDP only, not TCP. Also, what if he's using SIP (UDP/5060) for
> connectivity to the outside world? He'll need rules for this, in addition
> to RTP media (typically UDP/10000-20000)...
OK, so you might not need the lines with -p tcp in them; I was just being
efficient (i.e., cribbing from an old config file that has worked for me
since forever).
All the setups on which I've worked have used SIP on the inside, and IAX on
the outside. That way, you don't need so many ports open -- and you avoid
the 'mare that is funnelling telephony through NAT. (See also FTP and fax.)
If you need other ports open, the same general principles apply. Read the
iptables man page, look at other people's firewall scripts; and most
importantly of all, make sure you have a keyboard and monitor plugged into
the machine; because one day, you *will* accidentally block port 22 from
0.0.0.0/0.
--
AJS
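
An added example, not part of the original message: a shell function that writes the allowlist discussed in this thread (IAX2 on UDP 4569 from trusted addresses only, everything else dropped) as an iptables-restore ruleset, and refuses to produce one without an SSH management address, which is the lockout the message warns about. The addresses are constructed placeholders from the documentation ranges, and `gen_ruleset`, `TRUSTED_IAX` and `MGMT_SSH` are names chosen for this example.

```shell
#!/bin/sh
# Build an iptables-restore ruleset that admits IAX2 (UDP 4569) only from an
# allowlist. Nothing here touches the running firewall; it only prints rules.

# Constructed sample values (RFC 5737 documentation ranges), not real hosts.
TRUSTED_IAX="192.0.2.10 192.0.2.11 198.51.100.0/24"   # peers and provider
MGMT_SSH="203.0.113.5"                                # admin workstation

# gen_ruleset TRUSTED MGMT
# Prints the ruleset on stdout. Returns non-zero, printing nothing on stdout,
# if the result would leave no way in over SSH or would admit no IAX peer.
gen_ruleset() {
    trusted=$1
    mgmt=$2
    if [ -z "$mgmt" ]; then
        echo "refusing: no management address, port 22 would be blocked" >&2
        return 1
    fi
    if [ -z "$trusted" ]; then
        echo "refusing: empty IAX allowlist" >&2
        return 1
    fi
    echo "*filter"
    echo ":INPUT DROP [0:0]"          # default: drop anything not accepted below
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections the box itself opened
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for ip in $mgmt; do
        echo "-A INPUT -p tcp -s $ip --dport 22 -j ACCEPT"
    done
    # IAX2 is UDP only, so no TCP rule for 4569
    for ip in $trusted; do
        echo "-A INPUT -p udp -s $ip --dport 4569 -j ACCEPT"
    done
    echo "COMMIT"                     # table is swapped in as one unit on load
}

gen_ruleset "$TRUSTED_IAX" "$MGMT_SSH"
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it, which is a useful check before loading it for real.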