Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? Thanks. ond -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090206/142dcd22/attachment.htm
You should be able to do some sort of iptable "magic" to restrict incoming activity to specific IP addresses. It depends on your flavor of Linux. Google "linux hardening". _____ From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of oumar ndiaye Sent: Friday, February 06, 2009 3:01 PM To: asterisk-users at lists.digium.com Subject: [asterisk-users] Security issue Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? Thanks. ond -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090206/5723df6f/attachment.htm
you have many options but you should use it together. firewall in the user/peers definitions add host=<ip> and/or deny=0.0.0.0/0.0.0.0 permit=<ip>/<mask> change the ip of your server. use something like ossec to avoid force brute. David 2009/2/6 oumar ndiaye <ond4444 at gmail.com>> Is there a way to restrict connection to my asterisk server to users based > on their IP addresses, and not just password. I have some hackers who > connect to my server to make illegitimate solicitation calls to people. I > had to shutdown the server for now until I find a solution. ANY HELP? > Thanks. > ond > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-- (\__/) (='.'=)This is Bunny. Copy and paste bunny into your (")_(")signature to help him gain world domination. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090207/f7db82f1/attachment.htm
On Fri, 6 Feb 2009, oumar ndiaye wrote:> Is there a way to restrict connection to my asterisk server to users based > on their IP addresses, and not just password. I have some hackers who > connect to my server to make illegitimate solicitation calls to people. I > had to shutdown the server for now until I find a solution. ANY HELP?I'm curious about hackers getting in when you have username and passwords set. How are they cracking the passwords in the first place? Gordon
well, you got the general idea :) 2009/2/9 Tzafrir Cohen <tzafrir.cohen at xorcom.com>> On Mon, Feb 09, 2009 at 11:09:34AM +0000, Geraint Lee wrote: > > what about something along the lines of... > > > > iptables -A INPUT -p udp --dport 5060 -j DROP > > iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT > > iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT > > iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT > > Err... I guess you meant: > > iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT > iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT > iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT > # only if previous three did not match: > iptables -A INPUT -p udp --dport 5060 -j DROP > > -- > Tzafrir Cohen > icq#16849755 jabber:tzafrir.cohen at xorcom.com<jabber%3Atzafrir.cohen at xorcom.com> > +972-50-7952406 mailto:tzafrir.cohen at xorcom.com > http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090209/86b5aee6/attachment.htm
Apparently Analagous Threads
- AgentCallBackLogin no longer works after installing asterisk 1.6
- My Switch is being attacked using sip scanner tool (Service Abuse Attack)
- [Bug 2039] New: Give proper credits for ECDSA patch
- [Bug 2040] New: Downgrade attack vulnerability when checking SSHFP records
- interactive loop