Hello All, my asterisk server is constantly under attack [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132 194.100.46.132:56714' - Wrong password [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132 194.100.46.132:56714' - Wrong password [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132 194.100.46.132:56714' - Wrong password [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132 194.100.46.132:56714' - Wrong password [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132 194.100.46.132:56714' - Wrong password is there a way to reject their registration after a three consecutive tries? Thanks, Call Send SMS Add to Skype You'll need Skype CreditFree via Skype -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140404/30c207fb/attachment.html>
I don't know what platform you are on, but if you are on Linux (and possibly BSD) you could use "fail2ban" to block them at the network interface. On 04/04/2014 09:00 AM, motty cruz wrote:> Hello All, my asterisk server is constantly under attack > > [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 > handle_request_register: Registration from '"4941" > <sip:4941 at public_ip>' failed for '194.100.46.132194.100.46.132:56714' > - Wrong password > [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 > handle_request_register: Registration from '"4941" > <sip:4941 at public_ip>' failed for '194.100.46.132194.100.46.132:56714' > - Wrong password > [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 > handle_request_register: Registration from '"4941" > <sip:4941 at public_ip>' failed for '194.100.46.132194.100.46.132:56714' > - Wrong password > [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 > handle_request_register: Registration from '"4941" > <sip:4941 at public_ip>' failed for '194.100.46.132194.100.46.132:56714' > - Wrong password > [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 > handle_request_register: Registration from '"4941" > <sip:4941 at public_ip>' failed for '194.100.46.132194.100.46.132:56714' > - Wrong password > > is there a way to reject their registration after a three consecutive > tries? > > Thanks, > Call > Send SMS > Add to Skype > You'll need Skype CreditFree via Skype > >-- Daniel Taylor VP Operations Vocal Laboratories, Inc. dtaylor at vocalabs.com http://www.vocalabs.com/ (612)235-5711 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140404/7ce0a0aa/attachment.html>
On 4 April 2014 15:00, motty cruz <motty.cruz at gmail.com> wrote:> Hello All, my asterisk server is constantly under attack > >Unfortunately you are not alone.> [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: > Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132 > 194.100.46.132:56714' - Wrong password > <sip:4941 at public_ip>' failed for '194.100.46.132194.100.46.132:56714' - > Wrong password > > is there a way to reject their registration after a three consecutive > tries? > >Check out fail2ban. Works well. Hope this helps. -Barry Flanagan Thanks,> Call > Send SMS > Add to Skype > You'll need Skype CreditFree via Skype > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140404/0ee8ed01/attachment.html>
Take a look a SecAst from www.generationd.com<http://www.generationd.com/> It does everything fail2ban does and more, including blocking users by geography (we exclude all of Asia and Africa), detection of break-in patterns (even if someone guessed your un/pw), detect changes in dial rates, etc. Grab the free version - its a BIG step up from fail2ban. -=Michelle=-? All opions posted are my person ones. And personnally I like generationd products because I work for them :) ________________________________ From: asterisk-users-bounces at lists.digium.com <asterisk-users-bounces at lists.digium.com> on behalf of motty cruz <motty.cruz at gmail.com> Sent: Friday, April 4, 2014 10:00 AM To: Asterisk Users List Subject: [asterisk-users] Asterisk 1.6 Hello All, my asterisk server is constantly under attack [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132[X]194.100.46.132:56714' - Wrong password [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132[X]194.100.46.132:56714' - Wrong password [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132[X]194.100.46.132:56714' - Wrong password [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132[X]194.100.46.132:56714' - Wrong password [Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register: Registration from '"4941" <sip:4941 at public_ip>' failed for '194.100.46.132[X]194.100.46.132:56714' - Wrong password is there a way to reject their registration after a three consecutive tries? Thanks, Call Send SMS Add to Skype You'll need Skype CreditFree via Skype -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140404/3e5e5246/attachment.html>
Use allowguest=no And define ACLs for every SIP account. And obviously, fail2ban for blocking suspicious IPs. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140404/28b0466b/attachment.html>