[asterisk-users] Firewalling and Asterisk

[John Novack]

If you do a search on the list postings for the past yea,r and even in 
the past 2 weeks, you will find much discussion on this topic.
Fail2Ban seems fairly effective
Complex user names and passwords really help
( assuming your hack attempts are with SIP ) sipvicious is most likely 
the hackers tool of choice
A couple of entries in your Sip general section will also help
A default context that leads nowhere is advisable
The attempt could only be the first of many to come, from different IP 
addresses

Google is your friend

John Novack



Silver Thorne wrote:
> Forgive my ignorance on this as I am still fairly new to Asterisk.
>
> I have noticed lately that there have been several attempts to hack 
> our Asterisk server. I see multiple attempts to log in with a 
> particular extension from the same IP address, perhaps hundreds of 
> times per second. It causes the overhead to spike to ~100%. It is more 
> of a pain in the ass than anything.
> So far what I have been doing is adding a drop of this particular IP 
> address to my iptables configuration. This makes that particular one 
> stop and overhead drops back to normal.
> What I would like to know is:
>
>    1. has anyone else seen this?
>    2. what is the best way of prevention?
>
> We are awaiting our Cisco firewall, but I can implement a software 
> solution in the meantime (Shorewall).
>
> So, I am wondering if anyone has a firewall/IP tables statement that 
> keep out unauthorised users? No one seems to get in as we use really 
> strong passwords. However, the attempts cause our Asterisk server to 
> grind almost to a halt. I cannot even connect with a SIP phone when 
> this happens.
>
> Any words of wisdom for me?
>
> Thanks!
>
> Glen
>
>

-- 

Dog is my Co-pilot

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101128/068f3c33/attachment.htm