asterisk users - Mar 2009 - SIP attacks

I have been receiving a lot of hack attempts today (home and work) 
multiple SIP registration requests (none of them managed to find a 
relevant username before fail2ban kicked in).

Is this happening to a lot of people now?

I only have SIP available externally for enum purposes, is it possible 
on a host which is specified as dynamic to choose a valid hostmask in 
sip.conf on a per peer/user basis?

TIA for any response to this.

On Wednesday 04 March 2009 11:34:23 Thomas Kenyon wrote:
> I have been receiving a lot of hack attempts today (home and work)
> multiple SIP registration requests (none of them managed to find a
> relevant username before fail2ban kicked in).
>
> Is this happening to a lot of people now?
>
> I only have SIP available externally for enum purposes, is it possible
> on a host which is specified as dynamic to choose a valid hostmask in
> sip.conf on a per peer/user basis?
>
> TIA for any response to this.
Yes, you can use the permit/deny labels to specify an IP mask that is eligible
to authenticate:
deny=0.0.0.0/0
permit=192.168.0.0/16
permit=172.16.0.0/12
permit=10.0.0.0/8

By the way, after the slash, you can use either CIDR notation or a netmask.

-- 
Tilghman

Tilghman Lesher wrote:
> 
> Yes, you can use the permit/deny labels to specify an IP mask that is
eligible
> to authenticate:
> deny=0.0.0.0/0
> permit=192.168.0.0/16
> permit=172.16.0.0/12
> permit=10.0.0.0/8
> 
> By the way, after the slash, you can use either CIDR notation or a netmask.
> 
Thanks.