VoIP Mailing List Archives

[motty.cruz at gmail.com]

Hello, 
recently I have seen spike in attacks on my asterisk server, this is what I get on the LCD of my phone: 201@76.220.5.205 (201@76.220.5.205)
or calls from 1000 sip1000@76.2230.5.205 (1000@76.2230.5.205),



have any idea on how to stop this calls? 


Thanks, 

[will at willwh.com]

I would simply drop all traffic from the IP at the firewall.
William Hetheringtonw - www.willwh.com
t - @wmwh




On Mon, May 12, 2014 at 2:43 PM, motty cruz <motty.cruz@gmail.com (motty.cruz@gmail.com)> wrote:

[EWieling at nyigc.com]

If the attacks are direct (rather than through Asterisk) and you have a Polycom phone, check around page 522 of the firmware 4.0 admin guide.

If the attacks are directed at your Asterisk then you should use fail2ban to dynamically block attackers.

If the attacks are coming to your phone via Asterisk then you have a security issue in your Asterisk config.

-----Original Message-----
From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of motty cruz
Sent: Monday, May 12, 2014 5:43 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] Asterisk 1.8.22

Hello,
recently I have seen spike in attacks on my asterisk server, this is what I get on the LCD of my phone: 201@76.220.5.205

or calls from 1000 sip1000@76.2230.5.205,


have any idea on how to stop this calls?


Thanks,
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

[mdupuis at ocg.ca]

Another alternative is SecAst (Asterisk intrusion detection system). Grab the free version from www.generationd.com​



It does everything fail2ban does, plus you have the option of blocking IP's based on geograhic origin, detecting suspicious call patterns, etc.



-=M=-

All opinions posted are my own. But as an employee of GenerationD System my views are undoubtedly biased


From: asterisk-users-bounces@lists.digium.com <asterisk-users-bounces@lists.digium.com> on behalf of motty cruz <motty.cruz@gmail.com>
Sent: Monday, May 12, 2014 5:43 PM
To: Asterisk Users List
Subject: [asterisk-users] Asterisk 1.8.22

Hello,
recently I have seen spike in attacks on my asterisk server, this is what I get on the LCD of my phone: 201@76.220.5.205 (201@76.220.5.205)
or calls from 1000 sip1000@76.2230.5.205 (1000@76.2230.5.205),



have any idea on how to stop this calls?


Thanks,

[motty.cruz at gmail.com]

Thanks for your support, I will try your suggestions, 

will let you know how it goes, 


Thanks, 



On Tue, May 13, 2014 at 7:28 AM, Michelle Dupuis <mdupuis@ocg.ca (mdupuis@ocg.ca)> wrote:

[mikael at wiraya.com]

It's very likely someone scanning your asterisk for extensions to use for dialing out through your asterisk. Secure your asterisk and maybe create extensions that aren't practically possible to find through scanning.


Save logs from your asterisk of whenever an extension is called (if that is an option) and you will probably see them scanning from 1-1000 or more.



This is very common unfortunately, because too many asterisks are waiting to be hacked by automated scripts..


/Mikael







On 12 May 2014 23:43, motty cruz <motty.cruz@gmail.com (motty.cruz@gmail.com)> wrote: