If you do a search on the list postings for the past year, and even in
the past 2 weeks, you will find much discussion on this topic.
Fail2Ban seems fairly effective
Complex user names and passwords really help
(assuming your hack attempts are with SIP) sipvicious is most likely
the hacker's tool of choice
A couple of entries in your Sip general section will also help
A default context that leads nowhere is advisable
The attempt could only be the first of many to come, from different IP
addresses
Google is your friend
John Novack
Silver Thorne wrote:
Forgive my ignorance on this as I am still fairly new to Asterisk.
I have noticed lately that there have been several attempts to hack
our Asterisk server. I see multiple attempts to log in with a
particular extension from the same IP address, perhaps hundreds of
times per second. It causes the overhead to spike to ~100%. It is more
of a pain in the ass than anything.
So far what I have been doing is adding a drop of this particular IP
address to my iptables configuration. This makes that particular one
stop and overhead drops back to normal.
What I would like to know is:
1. has anyone else seen this?
2. what is the best way of prevention?
We are awaiting our Cisco firewall, but I can implement a software
solution in the meantime (Shorewall).
So, I am wondering if anyone has a firewall/IP tables statement that
keeps out unauthorised users? No one seems to get in as we use really
strong passwords. However, the attempts cause our Asterisk server to
grind almost to a halt. I cannot even connect with a SIP phone when
this happens.
Any words of wisdom for me?
Thanks!
Glen
--
Dog is my Co-pilot
--
asterisk-users mailing list