Hello,
I'm looking for some advice on securing Asterisk. Recently my servers been under several brute-force SIP attacks. I have several remote sites, as well as many roaming users, who may have PC softclients and/or SIP based hardphones. My first step will be to strengthen the passwords in use, and for the hardphones to restrict by IP address, but that still leaves the softphone quite widely open. Does Asterisk 1.6 have anything in it that can automatically block out an attacking IP, say if it receives several 20 or so failed attempts from that IP in x minutes? I haven't looked at Secure SIP in quite a while, is that now integrated into 1.6 ? One thing that's confusing me in my config, is that I thought that if I set NAT=no in sip.conf, then I wouldn't be able to connect to that SIP account unless I was on the local LAN, specified by locallan= However in some testing, I'm finding that I can still connect from an external SIP client. Also, I tried setting one SIP account from host=dynamic to host=<ipaddr>, and when that client tried to register, then Asterisk complained that the account wasn't supposed to be trying to register. My next step is also to upgrade my Asterisk itself up to the latest stable 1.6 Any other suggestions? Thanks, Adrian
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users