Hi!
You can also consider using fail2ban, but it's more suitable for blocking
brute-force attempts.

On Tue, Aug 15, 2017, 11:56 PM Patrick Laimbock <patr...@laimbock.com>
wrote:

> Hi Mike,
>
> On 15-08-17 21:37, mdiehl wrote:
> > Hi all,
> >
> > Lately, I've seen an increase in the number of attacks against my system
> > from the so-called "Friendly Scanner."  When one of these script kiddies
> > targets my server, all I see for symptoms is a few of my trunks become
> > lagged due to server load and a stream of messages on the console that
> > resemble this:
> [snip]
> > I have to turn on sip debugging to find out who's hitting me.  However,
> > I can't just leave it on because it would kill my logging system.
> >
> > So, how are other people handling this?  Is there an AMI event I want
> > to watch for?  I watch for PeerStatus, but since there's no actual peer in
> > the attack, I don't seem to get an event from AMI.
> >
> > Any ideas?
>
> You can block sipvicious/friendly scanner in iptables with something like:
>
> -A INPUT -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm -j DROP
>
> You can also look at xtables with geoip to drop countries (per
> destination port) that should not connect to your Asterisk box. It's a
> big hammer but it works really well.
>
> Or put a proxy like Kamailio or OpenSIPS in front of the Asterisk box.
> That's what the telcos/service providers do.
>
> HTH,
> Patrick
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>       https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
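
An added example (not part of the thread and not Asterisk code): one way to see who is sending "friendly-scanner" traffic without leaving SIP debug on is to read the User-Agent header from captured UDP 5060 payloads and count hits per source. The function names, the threshold, the packet feed (a list of source IP and payload pairs) and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Substrings treated as scanner User-Agents; "friendly-scanner" is the one from the thread.
SCANNER_AGENTS = ("friendly-scanner",)
# SIP header names are case-insensitive; capture the value up to the end of the line.
UA_RE = re.compile(rb"^User-Agent[ \t]*:[ \t]*(.*?)[ \t]*\r?$", re.I | re.M)

def user_agent(payload):
    """Return the User-Agent value of a SIP message, or None if there is none."""
    head = re.split(rb"\r?\n\r?\n", payload, maxsplit=1)[0]  # headers only, skip the body
    m = UA_RE.search(head)
    return m.group(1).decode("latin-1") if m else None

def tally_scanners(packets):
    """Count scanner packets per source IP; packets is an iterable of (src_ip, payload)."""
    hits = Counter()
    for src, payload in packets:
        ua = (user_agent(payload) or "").lower()
        if any(s in ua for s in SCANNER_AGENTS):
            hits[src] += 1
    return hits

def drop_rules(hits, threshold=2):
    """Per-source rules in the same iptables-save style as the rule in the thread."""
    return [f"-A INPUT -s {ip} -p udp --dport 5060 -j DROP"
            for ip, n in sorted(hits.items()) if n >= threshold]

def sip(method, ua):
    """Build a constructed SIP request for the demo (not captured traffic)."""
    return (f"{method} sip:100@192.0.2.10 SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 198.51.100.1:5060;branch=z9hG4bK-demo\r\n"
            f"User-Agent: {ua}\r\nContent-Length: 0\r\n\r\n").encode()

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    ("203.0.113.7", sip("OPTIONS", "friendly-scanner")),
    ("203.0.113.7", sip("REGISTER", "friendly-scanner")),
    ("198.51.100.20", sip("REGISTER", "ExamplePhone 1.0")),
    ("203.0.113.99", sip("OPTIONS", "friendly-scanner")),
]

if __name__ == "__main__":
    hits = tally_scanners(SAMPLE)
    for ip, n in hits.most_common():
        print(f"{ip}: {n} scanner packets")
    print("\n".join(drop_rules(hits)))
```

Because only the header section is parsed, a message that merely carries the string in its body is not counted, unlike a whole-packet string match.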