Re: [asterisk-users] Attack on Sip server.

[Ron Wheeler]

+1 fail2ban
Very easy and very effective.
On 27/06/2014 10:52 AM, Anurag Rana wrote:

Both Rules* (typo in last mail)

On Fri, Jun 27, 2014 at 8:19 PM, Anurag Rana <anuragrana31...@gmail.com <mailto:anuragrana31...@gmail.com>> wrote:

    I added bot rules TCP as well as UDP.  Still not working.

    How changing SIP listen port will prevent it. Please explain.

    I will try fail2band.


    On Fri, Jun 27, 2014 at 8:16 PM, Prakash N <prakas...@tevatel.com
    <mailto:prakas...@tevatel.com>> wrote:

        Hi,

        Install fail2band and change sip listen port to avoid attack

        With regards

        N.Prakash
        ------------------------------------------------------------------------
        From: Anurag Rana <mailto:anuragrana31...@gmail.com>
        Sent: ?27-?06-?2014 08:07 PM
        To: Asterisk Users Mailing List - Non-Commercial Discussion
        <mailto:asterisk-users@lists.digium.com>
        Subject: [asterisk-users] Attack on Sip server.


        Hi All.

        Someone is attacking on my SIP server.
        There are lot of requests coming in and I am not able to stop
        it because I am unable to detect the IP address.
        I used wireshark to capture the packets.

        Although I am using very strong password for my SIP users but
        still is there any way to drop these packets and stop this attack.

        I tried dropping packet after matching some string (most of
        the packets from attacker contains string
        'VaxSIPUserAgent/3.1' ) but it failed. Packets are still
        flowing in.

        iptables -I INPUT 1 -p tcp --dport 5060 -m string --string 
"VaxSIPUserAgent" --algo bm -j DROP


        Its something like this

        Registration from '"30" <sp:30@my_public_ip:5060> failed for
        '192.168.xxx.xxx:6373' - Wrong Password

        and there are approx 10 request per minute of this type.

        Please suggest some way to stop this.

-- Anurag Rana

        http://newbie42.blogspot.in/
        On the trampoline of life's experiences, Striving towards a
        saintly life in the midst of these materialistic turbulences.

-- Anurag Rana

    http://newbie42.blogspot.in/
    On the trampoline of life's experiences, Striving towards a
    saintly life in the midst of these materialistic turbulences.





--
Anurag Rana
http://newbie42.blogspot.in/

On the trampoline of life's experiences, Striving towards a saintly life in the midst of these materialistic turbulences.

--
Ron Wheeler
President
Artifact Software Inc
email: rwhee...@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102


-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users