, Dovid B [EMAIL PROTECTED] wrote:
- Original Message -
From: spectro [EMAIL PROTECTED]
To: Asterisk Users Mailing List - Non-Commercial Discussion
asterisk-users@lists.digium.com
Sent: Tuesday, July 01, 2008 8:02 PM
Subject: Re: [asterisk-users] sip extension compromised,need help blocking
brute force attempts
On Mon, Jun 30, 2008 at 4:31 PM, Duncan Turnbull [EMAIL PROTECTED] wrote:
Specifically
http://asteriskcookbook.com/wiki/index.php/Asterisk_Brute_Force_Prevention
Cheers Duncan
This script looks good but it doesn't work in my setup. My asterisk
does not generate a messages file, neither does
On Tue, Jul 01, 2008 at 11:13:27AM -0500, spectro wrote:
On Mon, Jun 30, 2008 at 4:31 PM, Duncan Turnbull [EMAIL PROTECTED] wrote:
Specifically
http://asteriskcookbook.com/wiki/index.php/Asterisk_Brute_Force_Prevention
Cheers Duncan
This script looks good but it doesn't work in my
On Tue, Jul 1, 2008 at 11:19 AM, Tzafrir Cohen [EMAIL PROTECTED] wrote:
Fix your logger.conf, then.
--
Tzafrir Cohen
What am I missing?
[EMAIL PROTECTED] ~]# cat /etc/asterisk/logger.conf
;
; Logging Configuration
;
; In this file, you configure logging to files or to
; the
Hello, yesterday one of the extensions on my asterisk server got
compromised by brute-force attack. The attacker used it to try to pull an
identity theft scam playing a recording from a bank your account has
been blocked due to unusual activity, please call this number...
Attacker managed to make
On Mon, 2008-06-30 at 11:15 -0500, spectro wrote:
I need a way to block that IP from connecting to my
asterisk server, please advise.
netfilter. aka iptables.
b.
Do a reverse lookup on your attacker.
Then find their ISP.
Then file an abuse complaint.
On Mon, Jun 30, 2008 at 12:15 PM, spectro [EMAIL PROTECTED] wrote:
Hello, yesterday one of the extensions on my asterisk server got
compromised by brute-force attack. The attacker used it to try to pull an
On Mon, Jun 30, 2008 at 1:31 PM, David Backeberg [EMAIL PROTECTED] wrote:
Do a reverse lookup on your attacker.
Then find their ISP.
Then file an abuse complaint.
already done, also filed a report with FBI cybercrime unit and set up
iptables to block incoming traffic from that IP.
My question
compromised, need help blocking
brute force attempts
Hello, yesterday one of the extensions on my asterisk server got
compromised by brute-force attack. The attacker used it to try to pull an
identity theft scam playing a recording from a bank your account has
been blocked due to unusual activity, please call
better drop udp also.
Mark Hamilton wrote:
iptables -A INPUT -p tcp -s 74.52.112.162 -j DROP
Good luck.
Via: SIP/2.0/UDP
___
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
AstriCon 2008 - September 22 - 25 Phoenix,
You can use a hashtable to watch incoming traffic, sort it into
buckets based on its ip address, and take action accordingly. But
you'll need some method of sorting out legitimate traffic versus bad
traffic. You'll need to come up with some more characteristics than
just that something is
Someone should write an asterisk-centric document on this topic, it's
likely to become an issue someday. Sounds like a great subject for
VoIP Users Conference as well. Any volunteers?
/r
ssh hack detection is easy because each new bruteforce starts with a
tcp syn, so you can count them and
On 6/30/08, randulo [EMAIL PROTECTED] wrote:
Someone should write an asterisk-centric document on this topic, it's
likely to become an issue someday. Sounds like a great subject for
VoIP Users Conference as well. Any volunteers?
iptables string and limit matching could be a start, although
On Mon, Jun 30, 2008 at 5:10 PM, Kristian Kielhofner
[EMAIL PROTECTED] wrote:
Does anyone want to write a kernel module? ;)
The thing I was mentioning about hashing addresses is already in the
kernel, check out:
hashlimit on google,
or net/netfilter/xt_hashlimit.c in your favorite 2.6 kernel
[EMAIL PROTECTED] On Behalf Of Mark Hamilton
Sent: Tuesday, 1 July 2008 07:33
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: Re: [asterisk-users] sip extension compromised,need help blocking
brute force attempts
iptables -A INPUT -p tcp -s 74.52.112.162 -j DROP
Good luck.
-Original
On 6/30/08, David Backeberg [EMAIL PROTECTED] wrote:
The thing I was mentioning about hashing addresses is already in the
kernel, check out:
hashlimit on google,
or net/netfilter/xt_hashlimit.c in your favorite 2.6 kernel source
The other cases you mention could be done with multiple