search for: enablesecur

...and reactive. Here is a fail2ban recipe ( http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk ) which might allow you to ban endpoints based on volume of requests. If you'd like to see an example of the tools that you're up against, see this demo video (http://enablesecurity.com/products/enablesecurity-voippack-sipautohack-demo/ ) of an automated attack tool that does scan, guess, and crack methods via a click-and-drool interface. In summary: basic security measures will protect you against the vast majority of SIP-based brute-force attacks. Most of the SIP a...

http:/www.theregister.co.uk/2017/09/01/asterisk_admin_patch/ -- Dave Topping e: info at dntopping.uk t: 03445 888 888 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170901/ae060564/attachment.html>

...cking > all RTP so people can't actually place calls. It's certainly a > challenge. > > This is one of the things that WebRTC got right - information is > conveyed that allows you to verify that the sender of media is who you > expect. > > [1] > https://github.com/EnableSecurity/advisories/tree/master/ES2017-04- > asterisk-rtp-bleed As Josh mentioned this is an issue with RTP and the SDP and when customers use NAT you need a way to figure out what their external RTP IP is. One option is to use IPv6 so the IP in the SDP is the one and only IP the media should be com...