at least once a week I receive such an attack coming from a different ip.
I will read the articles. Thanks again to everyone.
Regards,
Rodrigo Lang.
2010/6/29 Kenny Watson <kwatson at geniusgroupltd.com>
>
> Hi, you can use fail2ban
http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asteri...
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--00c09f899ace0e45c7048a2eb483
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<p>If I didn't have fail2ban, I would have way over 20k of these
entries in my asterisk log.<br></p>
<p>Zeeshan A Zakaria</p>
<p>--<br>
<a
href=3D"http://www.ilovetovoip.com">www.ilovetovoip.com</a></p>
<p><blockquote type=3D"cite">On 2010-06-29 1:36 PM,
"Rodrigo Lang" <<a
href=3D"mailto:rodrigoferreiralang at
gmail.com">rodrigoferreiralang@gmail.com</a>>
wrote:<br><br><span><span title=3D"Boa
tarde.">Good afternoon.
<br>
<br></span><span title=3D"Obrigado =E0 todos pelas
respostas.">Thanks to everyone for=20
answers.
</span><span title=3D"O que eu acho estranho =E9 o asterisk n=E3o
possuir=20
alguma ferramenta nativa =E0 ele para seguran=E7a do servidor SIP.">What
I find strange is=20
the asterisk does not have any native tool for him to SIP server=20
security.
</span><span title=3D"Segue um exemplo do syslog messages do=20
asterisk:">Here's an example of the=20
syslog messages from asterisk:
<br>
<br></span><span style=3D"background-color:rgb(255, 255,
255)" title=3D"[Jun 15 03:05:46] NOTICE[25284] chan_sip.c:
Registration from=20
'"213" <sip:213 at
my_extern_ip>' failed for=20
'116.124.128.82' - Wrong password">[Jun 15 03:05:46]
NOTICE=20
[25284] chan_sip.c: Registration from '"213"=20
<sip:213 at my_extern_ip>' failed for '116
.124.128.82 '- Wrong=20
password
<br></span><span style=3D"background-color:rgb(255, 255,
255)" title=3D"[Jun 15 03:05:46] NOTICE[25284] chan_sip.c:
Registration from=20
'"213" <sip:213 at
my_extern_ip>' failed for=20
'116.124.128.82' - Wrong password">[Jun 15 03:05:46]
NOTICE=20
[25284] chan_sip.c: Registration from '"213"=20
<sip:213 at my_extern_ip>' failed for '116
.124.128.82 '- Wrong=20
password
<br></span><span style=3D"background-color:rgb(255, 255,
255)" title=3D"[Jun 15 03:05:46] NOTICE[25284] chan_sip.c:
Registration from=20
'"213" <sip:213 at
my_extern_ip>' failed for=20
'116.124.128.82' - Wrong password">[Jun 15 03:05:46]
NOTICE=20
[25284] chan_sip.c: Registration from '"213"=20
<sip:213 at my_extern_ip>' failed for '116
.124.128.82 '- Wrong=20
password
<br></span><span style=3D"background-color:rgb(255, 255,
255)" title=3D"[Jun 15 03:05:46] NOTICE[25284] chan_sip.c:
Registration from=20
'"213" <sip:213 at
my_extern_ip>' failed for=20
'116.124.128.82' - Wrong password">[Jun 15 03:05:46]
NOTICE=20
[25284] chan_sip.c: Registration from '"213"=20
<sip:213 at my_extern_ip>' failed for '116
.124.128.82 '- Wrong=20
password
<br></span><span style=3D"background-color:rgb(255, 255,
255)" title=3D"[Jun 15 03:05:46] NOTICE[25284] chan_sip.c:
Registration from=20
'"213" <sip:213 at
my_extern_ip>' failed for=20
'116.124.128.82' - Wrong password">[Jun 15 03:05:46]
NOTICE=20
[25284] chan_sip.c: Registration from '"213"=20
<sip:213 at my_extern_ip>' failed for '116
.124.128.82 '- Wrong=20
password
<br></span><span style=3D"background-color:rgb(255, 255,
255)" title=3D"[Jun 15 03:05:46] NOTICE[25284] chan_sip.c:
Registration from=20
'"213" <sip:213 at
my_extern_ip>' failed for=20
'116.124.128.82' - Wrong password">[Jun 15 03:05:46]
NOTICE=20
[25284] chan_sip.c: Registration from '"213"=20
<sip:213 at my_extern_ip>' failed for '116
.124.128.82 '- Wrong=20
password
<br></span><span style=3D"background-color:rgb(255, 255,
255)" title=3D"[Jun 15 03:05:46] NOTICE[25284] chan_sip.c:
Registration from=20
'"213" <sip:213 at
my_extern_ip>' failed for=20
'116.124.128.82' - Wrong password">[Jun 15 03:05:46]
NOTICE=20
[25284] chan_sip.c: Registration from '"213"=20
<sip:213 at my_extern_ip>' failed for '116
.124.128.82 '- Wrong=20
password
<br></span><span style=3D"background-color:rgb(255, 255,
255)" title=3D"[Jun 15 03:05:46] NOTICE[25284] chan_sip.c:
Registration from=20
'"213" <sip:213 at
my_extern_ip>' failed for=20
'116.124.128.82' - Wrong password">[Jun 15 03:05:46]
NOTICE=20
[25284] chan_sip.c: Registration from '"213"=20
<sip:213 at my_extern_ip>' failed for '116
.124.128.82 '- Wrong=20
password
<br>
<br>
</span><span style=3D"background-color:rgb(255, 255, 255)"
title=3D"Pelo que contei existe em torno de vinte mil registros desse em=20
uma hora.">From what I told there is
around twenty thousand records that at one time. </span><span
title=3D"E=20
pelo menos uma vez por semana eu recebo um ataque desses vindo de um ip=20
diferente.">And at least once a week I
receive such an attack coming from a different ip.
</span></span><br><br><span><span
title=3D"">I will=20
read the articles. </span><span title=3D"">Thanks again to
everyone.<br><br><br></span><span
title=3D"">Regards,<br></span><span
title=3D"">Rodrigo
Lang.<br><br></span></span><br><div
class=3D"gmail_quote">2010/6/29 Kenny Watson <span
dir=3D"ltr"><<a href=3D"mailto:kwatson at
geniusgroupltd.com" target=3D"_blank">kwatson at
geniusgroupltd.com</a>></span><p>
<font color=3D"#500050"><br>><br>> Hi,
you can use fail2ban <a
href=3D"http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asteri.">http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asteri.</a>..</font></p>
</div><br>
<br>--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a
href=3D"http://www.api-digital.com"
target=3D"_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
=A0 =A0 =A0 =A0 =A0 =A0 =A0 <a
href=3D"http://www.asterisk.org/hello"
target=3D"_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
=A0 <a
href=3D"http://lists.digium.com/mailman/listinfo/asterisk-users"
target=3D"_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></p>
--00c09f899ace0e45c7048a2eb483--