Rehan, Search the archive, I posted a method for this a few months back. It works well for sip at blocking ip's of people in the guest cotext who dial invalid extensions.
Regards, Elliot Pardon the typos, my Blackberry has small buttons. Elliot Otchet Calling Circles LLC ----- Original Message ----- From: [email protected] <[email protected]> To: Commercial and Business-Oriented Asterisk Discussion <[email protected]> Sent: Fri Sep 04 12:44:39 2009 Subject: Re: [asterisk-biz] A hacker attack on asterisk At least in the past Asterisk by default allows guest calls. I recommend the following: Put context=INVALID in [general] There's nothing special about the name, it just reminds me why I put it in there. If you want you can put a [INVALID] section of extensions.conf to catch unauthenticated calls. If you don't do this the call will just be rejected. As the LAST entry in iax.conf put [guest] with context=INVALID. I've not used IAX in a while, but for a long time any unauthenticated calls would match the last entry in iax.conf. Rehan Ahmed Allahwala wrote: > We have a customer who is facing this problem. > > There gateway asterisk to the termination side is being attacked by the > hacker. > > The gateway asterisk is using ip based authentication, and also iax user > name and password. > > The hacker is somehow able to send out the call out via the gateway > asterisk, faking the ip address. > > The FULL log does not show any trace of the call or the number which is > being called in the NODE Asterisk of which ip is being used, however the > log of the GATEWAY Asterisk shows that the call was made from the IP of > the NODE asterisk. > > Any suggestions, what they can use to do a further authentication for > this particular customer ? > > Rehan > > > > ------------------------------------------------------------------------ > > _______________________________________________ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > AstriCon 2009 - October 13 - 15 Phoenix, Arizona > Register Now: http://www.astricon.net > > asterisk-biz mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-biz _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz This message is intended only for the use of the individual (s) or entity to which it is addressed and may contain information that is privileged, confidential, and/or proprietary to Calling Circles LLC and its affiliates. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, forwarding or copying of this communication is prohibited without the express permission of the sender. If you have received this communication in error, please notify the sender immediately and delete the original message. _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
