On Sun, Nov 28, 2010 at 12:24 PM, Steve Edwards <[email protected]> wrote: > On Sun, 28 Nov 2010, Silver Thorne wrote: > >> I have noticed lately that there have been several attempts to hack our >> Asterisk server. >> >> So, I am wondering if anyone has a firewall/IP tables statement that >> keep out unauthorised users? > > 0) Read the list archives, this comes up weekly. > > 1) Determine who (in terms of external IP addresses) should be allowed to > connect to your server. > > 2) Create a list of iptables commands to allow those IP addresses. > > 3) Deny everybody else. > > 4) Use 'fail2ban' or something similar to detect abusive addresses and > block them, if only for an [hour|day|week] or so. > > Even if you have 'mobile' users who 'need to connect from everywhere' you > can probably define 'everywhere' a bit better like 'not from North Korea' > or 'not from Africa' -- with suitable apologies to readers from North > Korea or Africa. > > -- > Thanks in advance, > ------------------------------------------------------------------------- > Steve Edwards [email protected] Voice: +1-760-468-3867 PST > Newline Fax: +1-760-731-3000 >
I agree with Steve, this is the safest way to tackle it. For the road warriors that demand an extension, I use SNOM 370VPN if they want to carry around a real phone or openvpn x-lite on their laptops. Thanks, Steve T -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
