Luca Bertoncello
2015-Jun-09 18:43 UTC
[asterisk-users] Connecting peer if the peer is already connected
Hi list!

I'm working hard on securing my Asterisk...
Now I deleted all possibilities to access the node as "anonymous" and every call through the proxy will be checked (just known peers are allowed to use it).
Furthermore, I restricted the registration of my home phones to the network I reserved for them and I changed the port on my firewall, so that I don't use 5060 anymore.

Now I have the problem for my cellphone... I need to register from almost any IP (at least in Europe), so I can't restrict it. Well, the password is NOT simple and random.

Now, I tried to register the user of my cellphone using a PC, as my cellphone was already registered.
And Asterisk accepted this registration... :(

Unfortunately, I didn't find any option to restrict this try...
How can I do it? And, very important, how can I trigger an event (shell script) if someone tries to register as a peer that is already registered, or if the login was NOT successful, or even if my cellphone successfully registered (for example, to send me an e-mail)?

Thanks
Luca Bertoncello
(lucabert at lucabert.de)
A J Stiles
2015-Jun-10 07:36 UTC
[asterisk-users] Connecting peer if the peer is already connected
On Tuesday 09 Jun 2015, Luca Bertoncello wrote:

> Now, I tried to register the user of my cellphone using a PC, as my
> cellphone was already registered.
> And Asterisk accepted this registration... :(

Did you actually reboot the server, as opposed to simply reloading your firewall configuration and stopping and restarting asterisk? I've known some moderate to severe weirdnesses that seemed to be caused by the kernel remembering out-of-date routing details. (I'm sure there is a simple command that will flush and rebuild the kernel's routing information without needing the big red switch, but that was nearer .....)

> Unfortunately, I didn't find any option to restrict this try...
> How can I do it? And, very important, how can I trigger an event
> (shell script) if someone tries to register as a peer that is already
> registered, or if the login was NOT successful, or even if my cellphone
> successfully registered (for example, to send me an e-mail)?

Take a look at fail2ban. It monitors log files for error messages, and can add firewall rules to disconnect IP addresses involved in suspicious activity.

--
AJS

Note: Originating address only accepts e-mail from list! If replying off-list, change address to asterisk1list at earthshod dot co dot uk .
Luca Bertoncello
2015-Jun-10 07:42 UTC
[asterisk-users] Connecting peer if the peer is already connected
Quoting A J Stiles <asterisk_list at earthshod.co.uk>:

> On Tuesday 09 Jun 2015, Luca Bertoncello wrote:
>
>> Now, I tried to register the user of my cellphone using a PC, as my
>> cellphone was already registered.
>> And Asterisk accepted this registration... :(
>
> Did you actually reboot the server, as opposed to simply reloading your
> firewall configuration and stopping and restarting asterisk? I've known some
> moderate to severe weirdnesses that seemed to be caused by the kernel
> remembering out-of-date routing details.

Well, I'm not sure... But I can't remember having configured anything for "accept more registration"...
Reading an answer on this list a couple of days ago, I thought it is not allowed by default...

>> Unfortunately, I didn't find any option to restrict this try...
>> How can I do it? And, very important, how can I trigger an event
>> (shell script) if someone tries to register as a peer that is already
>> registered, or if the login was NOT successful, or even if my cellphone
>> successfully registered (for example, to send me an e-mail)?
>
> Take a look at fail2ban. It monitors log files for error messages,
> and can add
> firewall rules to disconnect IP addresses involved in suspicious activity.

This will not work, since the firewall is NOT on the server running Asterisk...

Thanks
Luca Bertoncello
(lucabert at lucabert.de)
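
The log-monitoring idea discussed in this thread, as an added example that is not part of any poster's message: a scanner that reports failed registrations and a peer registering from a new address while its earlier registration is still active. The chan_sip message shapes, the peer name `cell` and the addresses are assumptions or constructed samples.

```python
import re

# Assumed chan_sip message shapes; compare them with your own Asterisk log
# before relying on these patterns.
FAILED = re.compile(r"Registration from '(?P<src>[^']*)' failed for "
                    r"'(?P<ip>[^']+?)(?::\d+)?' - (?P<reason>.+)$")
REGISTERED = re.compile(r"Registered SIP '(?P<peer>[^']+)' at "
                        r"(?P<ip>\S+?)(?::\d+)?\s*$")
UNREGISTERED = re.compile(r"Unregistered SIP '(?P<peer>[^']+)'")

def scan(lines):
    """Return (kind, peer, ip, detail) tuples for registration events."""
    bound = {}   # peer -> address of its currently active registration
    events = []
    for line in lines:
        if m := FAILED.search(line):
            user = re.search(r"sip:([^@>;]+)", m["src"])
            peer = user.group(1) if user else m["src"]
            events.append(("failed", peer, m["ip"], m["reason"]))
        elif m := REGISTERED.search(line):
            peer, ip = m["peer"], m["ip"]
            old = bound.get(peer)
            if old is None:
                events.append(("registered", peer, ip, ""))
            elif old != ip:
                # Peer was still registered elsewhere: the case in this thread.
                events.append(("moved", peer, ip, "previously at " + old))
            bound[peer] = ip   # same address again is only a refresh
        elif m := UNREGISTERED.search(line):
            bound.pop(m["peer"], None)
    return events

# Constructed sample log; names and documentation-range addresses are made up.
SAMPLE = """\
[2015-06-10 07:00:01] VERBOSE[2211] chan_sip.c: -- Registered SIP 'cell' at 198.51.100.7:5060
[2015-06-10 07:30:01] VERBOSE[2211] chan_sip.c: -- Registered SIP 'cell' at 198.51.100.7:5060
[2015-06-10 07:41:12] NOTICE[2211] chan_sip.c: Registration from '"cell" <sip:cell@pbx.example.org>' failed for '203.0.113.9:5071' - Wrong password
[2015-06-10 07:41:20] VERBOSE[2211] chan_sip.c: -- Registered SIP 'cell' at 203.0.113.9:5071
[2015-06-10 08:00:00] VERBOSE[2211] chan_sip.c: -- Unregistered SIP 'cell'
[2015-06-10 08:05:00] VERBOSE[2211] chan_sip.c: -- Registered SIP 'cell' at 192.0.2.44:5060
""".splitlines()

if __name__ == "__main__":
    for event in scan(SAMPLE):
        print(*event)
```

Each returned tuple can be handed to whatever notification command is in use, such as a mail client, which works even when the firewall sits on a different machine.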