[asterisk-users] Find a way to block brute force attacks.

Rodrigo Lang rodrigoferreiralang at gmail.com
Tue Jun 29 12:57:25 CDT 2010


Thanks again.

But it was a question pending. It's possible AMI show failure resgisters and
wrong password? Because I already have a Java program for AMI and a few
lines of modification would solve my problem if asterisk sends the
information to the AMI.



Thanks,
Rodrigo Lang.



2010/6/29 Andrew Latham <lathama at gmail.com>

> Please start here http://www.spamhaus.org/drop/ with your BGP
> routes....   Then move up to log parsing.
>
>
> ~
> Andrew "lathama" Latham
> lathama at gmail.com
>
> * Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software
> * Learn more about Linux http://en.wikipedia.org/wiki/Linux
> * Learn more about Tux http://en.wikipedia.org/wiki/Tux
>
>
>
> On Tue, Jun 29, 2010 at 1:38 PM, Zeeshan Zakaria <zishanov at gmail.com>
> wrote:
> > If I didn't have fail2ban, I would have way over 20k of these entries in
> my
> > asterisk log.
> >
> > Zeeshan A Zakaria
> >
> > --
> > www.ilovetovoip.com
> >
> > On 2010-06-29 1:36 PM, "Rodrigo Lang" <rodrigoferreiralang at gmail.com>
> wrote:
> >
> > Good afternoon.
> >
> > Thanks to everyone for answers. What I find strange is the asterisk does
> not
> > have any native tool for him to SIP server security. Here's an example of
> > the syslog messages from asterisk:
> >
> > [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> > <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> > [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> > <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> > [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> > <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> > [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> > <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> > [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> > <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> > [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> > <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> > [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> > <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> > [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> > <sip:213 at my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> >
> > From what I told there is around twenty thousand records that at one
> time.
> > And at least once a week I receive such an attack coming from a different
> > ip.
> >
> > I will read the articles. Thanks again to everyone.
> >
> >
> > Regards,
> > Rodrigo Lang.
> >
> >
> > 2010/6/29 Kenny Watson <kwatson at geniusgroupltd.com>
> >
> >>
> >> Hi, you can use fail2ban
> >> http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asteri.<http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asteri.>
> ..
> >
> > --
> > _____________________________________________________________________
> > -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> > New to Asterisk? Join us for a live introductory webinar every Thurs:
> >               http://www.asterisk.org/hello
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> >   http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> > --
> > _____________________________________________________________________
> > -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> > New to Asterisk? Join us for a live introductory webinar every Thurs:
> >               http://www.asterisk.org/hello
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> >   http://lists.digium.com/mailman/listinfo/asterisk-users
> >
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100629/db6dfdd2/attachment.htm 


More information about the asterisk-users mailing list