[asterisk-users] Find a way to block brute force attacks.
Andrew Latham
lathama at gmail.com
Tue Jun 29 12:44:24 CDT 2010
Please start here http://www.spamhaus.org/drop/ with your BGP
routes.... Then move up to log parsing.
~
Andrew "lathama" Latham
lathama at gmail.com
* Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software
* Learn more about Linux http://en.wikipedia.org/wiki/Linux
* Learn more about Tux http://en.wikipedia.org/wiki/Tux
On Tue, Jun 29, 2010 at 1:38 PM, Zeeshan Zakaria <zishanov at gmail.com> wrote:
> If I didn't have fail2ban, I would have way over 20k of these entries in my
> asterisk log.
>
> Zeeshan A Zakaria
>
> --
> www.ilovetovoip.com
>
> On 2010-06-29 1:36 PM, "Rodrigo Lang" <rodrigoferreiralang at gmail.com> wrote:
>
> Good afternoon.
>
> Thanks to everyone for answers. What I find strange is the asterisk does not
> have any native tool for him to SIP server security. Here's an example of
> the syslog messages from asterisk:
>
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
>
> From what I told there is around twenty thousand records that at one time.
> And at least once a week I receive such an attack coming from a different
> ip.
>
> I will read the articles. Thanks again to everyone.
>
>
> Regards,
> Rodrigo Lang.
>
>
> 2010/6/29 Kenny Watson <kwatson at geniusgroupltd.com>
>
>>
>> Hi, you can use fail2ban
>> http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asteri...
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list