Hi All, I see this kind of attack on our Asterisk Server, do you know how to block that IP? [Sep 4 07:41:06] NOTICE[7375]: chan_sip.c:23375 handle_request_invite: Call from '' (213.136.81.166:9306) to extension '34422' rejected because extension not found in context 'default'. Thanks in advance, -Motty -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140904/8400f697/attachment.html>
Patrick Laimbock
2014-Sep-04 14:56 UTC
[asterisk-users] Asterisk secure fine tune - stop attack
On 04-09-14 16:44, motty cruz wrote:> Hi All, > I see this kind of attack on our Asterisk Server, do you know how to > block that IP? > > [Sep 4 07:41:06] NOTICE[7375]: chan_sip.c:23375 handle_request_invite: > Call from '' (213.136.81.166:9306 <http://213.136.81.166:9306>) to > extension '34422' rejected because extension not found in context 'default'.Have a look at Fail2ban: http://www.fail2ban.org/wiki/index.php/Main_Page HTH, Patrick
Thorsten Göllner
2014-Sep-04 14:58 UTC
[asterisk-users] Asterisk secure fine tune - stop attack
Am 04.09.2014 16:44, schrieb motty cruz:> Hi All, > I see this kind of attack on our Asterisk Server, do you know how to > block that IP? > > [Sep 4 07:41:06] NOTICE[7375]: chan_sip.c:23375 > handle_request_invite: Call from '' (213.136.81.166:9306 > <http://213.136.81.166:9306>) to extension '34422' rejected because > extension not found in context 'default'. >You should not invest time in blocking single IPs. Take a look at "fail2ban". http://www.fail2ban.org/wiki/index.php/Asterisk -Thorsten- -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140904/d53b9cd5/attachment.html>
On Thursday 04 Sep 2014, motty cruz wrote:> Hi All, > I see this kind of attack on our Asterisk Server, do you know how to block > that IP?Instead of blocking unwanted IPs, you should be permitting only wanted IPs. -- AJS Note: Originating address only accepts e-mail from list! If replying off- list, change address to asterisk1list at earthshod dot co dot uk .