On Sat, 18 Jan 2014, Jerry Geis wrote:
I see MANY of these in my log files:
[Jan 15 03:06:12] NOTICE[14129] chan_sip.c: Registration from '"202"
<sip:202@X:5060>' failed for '37.8.12.147:26832' - Wrong password
What is the "correct" way to block these idiots so they
don't even get this far.
Use iptables to allow packets from your legitimate users, block everybody
else.
If you are dealing with a mobile user base or an extensive geographic
area, at least block the countries where you do not expect traffic --
North Korea, China, xxxistan, etc.
Drop these at the front door (90% of the problem) and use fail2ban to pick
off the rest.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users