[asterisk-users] Attack on Sip server.

arun kumar arunvsadnikov at gmail.com
Fri Jun 27 09:42:20 CDT 2014


Hi,

    Change the protocol from tcp to udp in iptables.

~Arun
On 27 Jun 2014 20:07, "Anurag Rana" <anuragrana31189 at gmail.com> wrote:

>
> Hi All.
>
> Someone is attacking my SIP server.
> There are a lot of requests coming in and I am not able to stop it because I
> am unable to detect the IP address.
> I used wireshark to capture the packets.
>
> Although I am using very strong passwords for my SIP users, is there still
> any way to drop these packets and stop this attack?
>
> I tried dropping packets after matching a string (most of the packets
> from the attacker contain the string 'VaxSIPUserAgent/3.1'), but it failed.
> Packets are still flowing in.
>
> iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm -j DROP
>
>
> It's something like this:
>
> Registration from '"30" <sp:30 at my_public_ip:5060> failed for
> '192.168.xxx.xxx:6373' - Wrong Password
>
> and there are approx. 10 requests per minute of this type.
>
> Please suggest some way to stop this.
>
>
> --
> Anurag Rana
> http://newbie42.blogspot.in/
> On the trampoline of life's experiences, Striving towards a saintly life
> in the midst of these materialistic turbulences.
>
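Added example, not part of the original thread: the notice quoted above already names the source address after "failed for", so failed registrations can be counted per source and rendered as candidate DROP rules. The function names, the threshold of 3, the constructed sample lines and the use of UDP port 5060 (following the reply) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the tail of the notice quoted in the thread. The greedy prefix binds
# the match to the LAST "failed for" on the line, because the From header that
# appears earlier in the line is chosen by the sender.
FAILED = re.compile(r"^.*failed for '([0-9A-Fa-f.:]+):(\d+)' - ([^']+)$")

# Constructed sample lines (documentation-range addresses, not from the post).
SAMPLE_LOG = [
    "NOTICE: Registration from '\"30\" <sip:30@203.0.113.10:5060>' failed for '198.51.100.7:6373' - Wrong Password",
    "NOTICE: Registration from '\"31\" <sip:31@203.0.113.10:5060>' failed for '198.51.100.7:6374' - Wrong Password",
    "NOTICE: Registration from '\"32\" <sip:32@203.0.113.10:5060>' failed for '198.51.100.7:6375' - Wrong Password",
    "NOTICE: Registration from '\"40\" <sip:40@203.0.113.10:5060>' failed for '192.0.2.44:5060' - Wrong Password",
    # Display name imitates the notice text; the real source is at the end.
    "NOTICE: Registration from '\"failed for '10.0.0.1:1' - x\" <sip:9@203.0.113.10>' failed for '198.51.100.7:6376' - Wrong Password",
    "NOTICE: Peer '30' is now Reachable",
]


def failures_by_source(lines):
    """Count failed REGISTER attempts per validated source IP."""
    counts = Counter()
    for line in lines:
        m = FAILED.match(line.rstrip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an address: ignore rather than act on it
        counts[str(ip)] += 1
    return counts


def drop_rules(counts, threshold=3):
    """Render one rule per source at or above the threshold (assumed: UDP 5060)."""
    return [
        f"iptables -I INPUT 1 -s {ip} -p udp --dport 5060 -j DROP"
        for ip, n in sorted(counts.items()) if n >= threshold
    ]


if __name__ == "__main__":
    counts = failures_by_source(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{n:4d}  {ip}")
    print("\n".join(drop_rules(counts)))
```

Review the rendered rules before applying them: a private source such as the 192.168.xxx.xxx in the quoted notice is on the local network or behind address translation, and dropping it can cut off legitimate phones behind the same device.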
