In sip.conf change listen port 5060 to some other number like 7242 any number ,then restart asterisk . Register sip phone with listen port (7242)
Example Domain: 192.168.1.10:7242 With regards N.Prakash ------------------------------ From: Anurag Rana <anuragrana31...@gmail.com> Sent: 27-06-2014 08:19 PM To: Prakash N <prakas...@tevatel.com> Cc: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users@lists.digium.com> Subject: Re: [asterisk-users] Attack on Sip server. I added bot rules TCP as well as UDP. Still not working. How changing SIP listen port will prevent it. Please explain. I will try fail2band. On Fri, Jun 27, 2014 at 8:16 PM, Prakash N <prakas...@tevatel.com> wrote: > Hi, > > Install fail2band and change sip listen port to avoid attack > > With regards > > N.Prakash > ------------------------------ > From: Anurag Rana <anuragrana31...@gmail.com> > Sent: 27-06-2014 08:07 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > <asterisk-users@lists.digium.com> > Subject: [asterisk-users] Attack on Sip server. > > > Hi All. > > Someone is attacking on my SIP server. > There are lot of requests coming in and I am not able to stop it because I > am unable to detect the IP address. > I used wireshark to capture the packets. > > Although I am using very strong password for my SIP users but still is > there any way to drop these packets and stop this attack. > > I tried dropping packet after matching some string (most of the packets > from attacker contains string 'VaxSIPUserAgent/3.1' ) but it failed. > Packets are still flowing in. > > iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" > --algo bm -j DROP > > > Its something like this > > Registration from '"30" <sp:30@my_public_ip:5060> failed for > '192.168.xxx.xxx:6373' - Wrong Password > > and there are approx 10 request per minute of this type. > > Please suggest some way to stop this. > > > -- > Anurag Rana > http://newbie42.blogspot.in/ > On the trampoline of life's experiences, Striving towards a saintly life > in the midst of these materialistic turbulences. > > > -- Anurag Rana http://newbie42.blogspot.in/ On the trampoline of life's experiences, Striving towards a saintly life in the midst of these materialistic turbulences.
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
