[asterisk-users] Asterisk secure fine tune - stop attack

Michelle Dupuis mdupuis at ocg.ca
Thu Sep 4 11:19:26 CDT 2014


You can also take a look at SecAst (www.generationd.com). The free version is a drop-in replacement for fail2ban but also adds a lot more intelligence (and no need to update regexes etc.). There's also geographic IP fencing so you can block attacks by country / region / city etc., only allow access by geography, etc. And a whole lot more (including detection of breached but valid credentials to halt ongoing fraud, etc.)


-=M=-


The opinions above are my own, and don't necessarily represent those of my employer.  Since I'm employed by Generation D however you can bet that I have a serious bias :)


________________________________
From: asterisk-users-bounces at lists.digium.com <asterisk-users-bounces at lists.digium.com> on behalf of Eric Wieling <EWieling at nyigc.com>
Sent: Thursday, September 4, 2014 11:58 AM
To: Asterisk Users List
Subject: Re: [asterisk-users] Asterisk secure fine tune - stop attack

If we don't need to allow access from outside the USA we block access from all non-ARIN IP addresses by using iptables.   This takes care of at least 80% of attacks.

I enabled guest access and pointed all guest calls to an IVR which auto disconnects the call after a while (2 min seems good) if there is no response.   That took care of most of the remaining attacks.

I'm considering enabling auto create peer and routing calls to the same IVR as above.

We also use fail2ban, but mostly for non-SIP attacks.

Before enabling any guest access be ABSOLUTELY SURE you know how to do it without causing security issues.

From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Hashmat Khan
Sent: Thursday, September 04, 2014 3:45 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk secure fine tune - stop attack

Don't forget to put your "trusted IPs" into the "ignoreip" list while configuring fail2ban.

It's very important when a customer (maybe 100+ extns) is behind NAT and only presents a single public IP.

Rgds
Hash
________________________________

Date: Thu, 4 Sep 2014 08:42:11 -0700
From: motty.cruz at gmail.com
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] Asterisk secure fine tune - stop attack
Hi A J,
Believe me, I wish I could do as you suggested; however, I have a few extensions outside the office with dynamic IPs, so that is not a possibility. Thanks for your suggestions, I will try fail2ban. I don't know how complicated it is to implement that on a production server.

Thanks,
-Motty

On Thu, Sep 4, 2014 at 8:19 AM, A J Stiles <asterisk_list at earthshod.co.uk> wrote:
On Thursday 04 Sep 2014, motty cruz wrote:
> Hi All,
> I see this kind of attack on our Asterisk Server, do you know how to block
> that IP?
Instead of blocking unwanted IPs, you should be permitting only wanted IPs.

--
AJS

Note:  Originating address only accepts e-mail from list!  If replying off-
list, change address to asterisk1list at earthshod dot co dot uk .

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
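
Added example (not from any poster in this thread): a simplified Python model of fail2ban-style failure counting, showing why the "ignoreip" advice above matters when many extensions sit behind one NAT address. The log lines are constructed, modelled on chan_sip's registration-failure notice; the addresses, the function name `hosts_to_ban` and the threshold of 3 are assumptions, and fail2ban's findtime window is not modelled.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log, modelled on chan_sip's "Registration ... failed" notice.
_TEMPLATE = ("[2014-09-04 08:40:{sec:02d}] NOTICE[2101] chan_sip.c: Registration from "
             "'\"{ext}\" <sip:{ext}@pbx.example.net>' failed for '{ip}:5060' - Wrong password")
_EVENTS = ([("203.0.113.10", e) for e in (101, 102, 117, 145)]   # one NAT'd customer, four phones
           + [("198.51.100.77", e) for e in range(1000, 1005)]   # unknown source, repeated failures
           + [("192.0.2.50", 200)])                               # a single mistyped password
SAMPLE_LOG = "\n".join(_TEMPLATE.format(sec=i, ext=e, ip=ip)
                       for i, (ip, e) in enumerate(_EVENTS))

# Capture the source IPv4 address; the trailing ":port" is optional.
FAILED = re.compile(
    r"Registration from '.*' failed for '(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - ")


def hosts_to_ban(log_text, ignoreip=(), maxretry=3):
    """Return {ip: failures} for sources with at least maxretry failures.

    ignoreip takes single addresses or CIDR ranges; matching sources are
    never counted, so they can never be banned.
    """
    trusted = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    failures = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue                      # not a registration failure
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue                      # malformed address in the log line
        if any(ip in net for net in trusted):
            continue                      # trusted source: skip entirely
        failures[str(ip)] += 1
    return {ip: n for ip, n in failures.items() if n >= maxretry}


if __name__ == "__main__":
    # Without ignoreip the customer's shared NAT address is banned too.
    print("no ignoreip:  ", hosts_to_ban(SAMPLE_LOG))
    print("with ignoreip:", hosts_to_ban(SAMPLE_LOG, ignoreip=["203.0.113.10"]))
```

Four phones with one wrong password each are enough to push the shared address over the threshold, which would cut off every extension at that site.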

