[asterisk-users] Under heavy attack

dotnetdub dotnetdub at gmail.com
Sun Oct 31 04:16:35 CDT 2010 

On 30 October 2010 19:28, Zeeshan Zakaria <zishanov at gmail.com> wrote:

> My main asterisk server is under unusual heavy attack, and so far Fail2Ban
> has blocked about 30 IPs, from various different countries. At this time it
> is blocking about 1 IP address every few minutes.
>
> Just wondering if anybody else is also experiencing unusually increased
> hack attempts today?
>
> Zeeshan A Zakaria
>
> --
> www.ilovetovoip.com
> www.pbxforall.com (beta)
>


Good Morning.

Certainly some kind of very slow DDOS attack.

I'm blocking at IPTABLES level.

Strange thing is even after I DROP the REGISTER attempts they keep on trying
which is unusual.

We have a number of Asterisk & Kamailio boxes on the same subnet and it's
only targeting 1 Asterisk box.

IP's so far if anyone wants to block them before they start on your SIP
device:

2010-10-30 18:20:19,023  213.6.233.51

2010-10-30 18:29:41,251  124.122.224.110

2010-10-30 18:29:53,296  41.178.183.80

2010-10-30 18:30:06,047  118.71.80.236

2010-10-30 18:35:05,356  93.181.206.84

2010-10-30 18:35:17,588  207.226.53.120

2010-10-30 18:35:19,995  151.15.169.144

2010-10-30 19:09:35,223  41.133.218.95

2010-10-30 19:10:37,108  125.165.185.126

2010-10-30 19:10:54,011  196.221.74.86

2010-10-30 19:11:06,779  58.8.51.183

2010-10-30 19:11:09,739  111.125.76.79

2010-10-30 19:12:29,671  189.224.23.133

2010-10-30 19:15:28,303  62.87.81.138

2010-10-30 19:17:44,548  118.96.68.202

2010-10-30 19:19:39,432  178.137.18.176

2010-10-30 19:20:59,923  109.197.85.84

2010-10-30 19:22:41,063  91.187.103.33

2010-10-30 19:24:57,283  79.191.64.68

2010-10-30 19:29:39,523  189.19.36.241

2010-10-30 19:33:19,096  85.97.235.244

2010-10-30 19:40:51,324  145.236.187.148

2010-10-30 19:43:02,567  196.217.233.120

2010-10-30 19:47:46,323  145.236.184.134

2010-10-30 19:54:07,564  186.89.189.218

2010-10-30 19:54:51,155  178.154.93.136

2010-10-30 20:01:32,615  187.126.9.46

2010-10-30 20:01:53,215  92.253.28.116

2010-10-30 20:02:31,448  41.218.245.63

2010-10-30 20:05:24,203  85.104.3.147

2010-10-30 20:06:40,431  93.116.63.10

2010-10-30 20:09:00,668  151.15.165.59

2010-10-30 20:09:13,907  95.132.177.3

2010-10-30 20:09:52,135  187.17.185.1

2010-10-30 20:11:46,719  88.230.199.132

2010-10-30 20:22:10,947  86.34.8.194

2010-10-30 20:23:10,176  109.96.12.119

2010-10-30 20:23:18,336  201.240.127.189

2010-10-30 20:25:56,932  92.84.117.146

2010-10-30 20:26:26,155  88.227.121.14

2010-10-30 20:37:26,400  189.7.19.95

2010-10-30 20:37:33,024  41.236.166.150

2010-10-30 20:39:26,968  118.96.218.199

2010-10-30 20:44:27,968  41.232.67.66

2010-10-30 20:48:48,715  41.189.55.21

2010-10-30 20:52:12,431  189.15.98.140

2010-10-30 20:54:51,031  189.70.167.100

2010-10-30 20:55:42,639  189.15.99.161

2010-10-30 20:56:19,243  41.189.53.202

2010-10-30 20:58:24,979  41.189.54.61

2010-10-30 20:58:49,720  79.112.136.182

2010-10-30 20:59:40,959  41.189.55.3

2010-10-30 21:06:31,700  180.214.232.20

2010-10-30 21:10:27,811  189.23.61.5

2010-10-30 21:15:42,452  118.96.106.229

2010-10-30 21:34:23,343  93.146.195.166

2010-10-30 21:42:25,575  190.172.152.53

2010-10-30 21:43:10,184  94.141.68.62

2010-10-30 23:03:41,419  78.176.225.22

2010-10-30 23:46:20,651  76.116.250.237

2010-10-30 23:49:53,023  188.52.97.82

2010-10-30 23:52:02,279  78.167.12.19

2010-10-31 00:02:12,511  200.220.209.204

2010-10-31 00:11:01,491  41.205.112.90

2010-10-31 00:13:20,399  187.74.15.7

2010-10-31 00:13:36,963  201.42.156.126

2010-10-31 00:16:00,563  41.238.170.22

2010-10-31 00:26:21,299  62.248.47.86

2010-10-31 00:34:34,524  93.116.228.188

2010-10-31 00:41:35,760  110.32.149.227

2010-10-31 00:46:44,755  81.6.90.142

2010-10-31 00:50:50,995  78.162.174.78

2010-10-31 00:58:23,220  123.23.243.19

2010-10-31 00:59:01,476  119.42.83.249

2010-10-31 01:04:01,403  112.201.240.119

2010-10-31 01:15:13,300  190.233.197.248

2010-10-31 01:18:14,979  189.110.116.97

2010-10-31 01:19:07,572  113.162.96.205

2010-10-31 01:23:30,527  178.210.133.205

2010-10-31 01:32:22,339  151.15.175.8

2010-10-31 01:51:35,576  178.53.139.232

2010-10-31 02:00:01,131  85.104.94.215

2010-10-31 02:00:02,403  123.27.9.4

2010-10-31 02:00:03,281  118.137.89.66

2010-10-31 02:00:04,184  113.170.140.8

2010-10-31 02:07:17,011  125.185.5.19

2010-10-31 02:15:02,887  123.17.204.125

2010-10-31 02:22:27,803  81.192.211.208

2010-10-31 02:25:47,031  118.96.176.53

2010-10-31 02:35:08,059  113.169.105.142

2010-10-31 02:47:15,984  222.253.242.237

2010-10-31 02:52:05,876  99.229.149.67

2010-10-31 06:25:08,147  187.74.15.7

2010-10-31 06:25:08,764  112.201.240.119

2010-10-31 06:25:09,781  93.116.228.188

2010-10-31 06:25:10,084  188.52.97.82

2010-10-31 06:25:14,303  118.137.89.66

2010-10-31 06:25:27,251  201.42.156.126

2010-10-31 06:36:19,591  188.53.35.208

2010-10-31 07:40:12,855  121.246.144.94

2010-10-31 07:41:29,783  222.124.3.13

2010-10-31 07:41:42,671  77.81.49.178

2010-10-31 07:42:41,911  119.92.232.162

2010-10-31 07:42:52,792  110.168.115.109

2010-10-31 07:44:10,831  222.253.241.210

2010-10-31 07:45:46,755  94.240.149.110

2010-10-31 07:50:09,999  178.155.54.47

2010-10-31 07:51:36,471  88.226.33.30

2010-10-31 07:52:08,684  113.172.230.103

2010-10-31 07:55:10,723  118.96.242.225

2010-10-31 07:55:33,595  109.120.46.78

2010-10-31 07:55:45,735  113.167.33.220

2010-10-31 07:57:32,575  60.220.253.149

2010-10-31 07:57:48,483  113.166.1.235

2010-10-31 07:59:16,335  113.59.222.50

2010-10-31 07:59:54,187  41.215.64.66

2010-10-31 08:04:48,071  85.106.225.138

2010-10-31 08:04:54,300  88.227.52.50

2010-10-31 08:05:56,551  193.106.220.17

2010-10-31 08:29:51,783  202.133.58.122

2010-10-31 08:33:05,652  188.38.10.102

2010-10-31 08:33:22,880  78.185.153.80

2010-10-31 08:34:08,119  41.210.27.205

2010-10-31 08:34:21,063  89.122.0.141

2010-10-31 08:36:01,300  94.255.118.14

2010-10-31 08:38:46,528  81.213.179.105



Regards
Brian





>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101031/5fda2b0f/attachment.htm

More information about the asterisk-users mailing list