[asterisk-users] Interesting attack tonight & fail2ban them
Mikhail Lischuk
mlischuk at itx.com.ua
Thu Dec 29 03:14:35 CST 2011
Jeroen Eeuwes писал 29.12.2011 07:29:
> Probably my
understanding is limited, but it seems to me that they
> have already
'access' to your Asterisk for them to be able to try to
> make outgoing
calls. Wouldn't it be better to make sure they get the
> "usual" errors
like "Registration from failed - no matching peer
> found"?
>
> In
other words, how did they get this far in the first place?
>
> Best
regards,
> Jeroen Eeuwes
Agreed. If you didn't get the "Failed to
authenticate on INVITE" (or whatever error should Asterisk log for not
authenticated user trying to place a call, I might be wrong here) - your
problem is way more serious.
As I can advice you from my wast (despite
not always successfull) intruders fighting experience - banning by
useragent can help. I always dreamed of Asterisk to implement that, but
until then - if all your users are like "Linksys blablabla" or "eyeBeam
blablabla" and you see any other agent on the Asterisk log - just ban
it. Ofcourse, there are 2 limitations:
1) If he doesnt register,
Asterisk wont show his useragent in log. And as for yor issue - neither
will it show IP. I think we might ask devs to correct that some day
2)
if you dont have some standard for user sip devices and they use
whatever they want to, it wont help either
--
With Best
Regards
Mikhail Lischuk
ITX Ukraine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20111229/d04b0617/attachment.htm>
More information about the asterisk-users
mailing list