Ok. Thanks. :)
On Fri, Jun 27, 2014 at 11:05 PM, Mitul Limbani <mi...@enterux.in> wrote:

> No way out. Fix your gateway which is masquerading out to in traffic.
>
> And do some research as others mentioned instead of expecting quick fix.
>
> Mitul
>
> On 27-Jun-2014 10:45 PM, "Anurag Rana" <anuragrana31...@gmail.com> wrote:
>
>> Can't use anything which blocks IP addresses because my system is behind a
>> gateway and attacker gets the address of that gateway. In this way I will
>> end up blocking myself.
>>
>> Please suggest something else.
>>
>> On Fri, Jun 27, 2014 at 10:24 PM, Anurag Rana <anuragrana31...@gmail.com> wrote:
>>
>>> Right Mitul. System is behind some gateway.
>>>
>>> On Fri, Jun 27, 2014 at 10:06 PM, Mitul Limbani <mi...@enterux.in> wrote:
>>>
>>>> I think your asterisk server is behind firewall or some sort of NAT
>>>> where the out to in packets are getting masqueraded with local or DMZ IP
>>>> of your firewall / gateway box.
>>>>
>>>> Fix this first to get fail2ban to detect the correct public IP.
>>>>
>>>> Otherwise fail2ban will ban your local GW IP due to which you won't be
>>>> able to access the box even from your local network for ssh.
>>>>
>>>> Hope you know how to fix the firewall snat.
>>>>
>>>> Mitul
>>>>
>>>> On 27-Jun-2014 9:51 PM, "Jai Rangi" <jpra...@didforsale.com> wrote:
>>>>
>>>>> Anurag,
>>>>>
>>>>> Here is a small script that will check your logs and will block the IPs.
>>>>>
>>>>> http://www.didforsale.com/blog/is-your-asterisk-system-under-heavy-attack
>>>>>
>>>>> This is good if you don't expect any registration. If you do have some
>>>>> valid registration, you might want to add some counter to see how many
>>>>> times an IP needs to fail or how many different users an IP is trying to
>>>>> register on before blocking the IP.
>>>>>
>>>>> Jai Rangi
>>>>> www.didforslae.com
>>>>>
>>>>> On Fri, Jun 27, 2014 at 7:37 AM, Anurag Rana <anuragrana31...@gmail.com> wrote:
>>>>>
>>>>>> Hi All.
>>>>>>
>>>>>> Someone is attacking my SIP server.
>>>>>> There are a lot of requests coming in and I am not able to stop it
>>>>>> because I am unable to detect the IP address.
>>>>>> I used wireshark to capture the packets.
>>>>>>
>>>>>> Although I am using very strong passwords for my SIP users, still
>>>>>> is there any way to drop these packets and stop this attack?
>>>>>>
>>>>>> I tried dropping packets after matching some string (most of the
>>>>>> packets from the attacker contain the string 'VaxSIPUserAgent/3.1') but it
>>>>>> failed. Packets are still flowing in.
>>>>>>
>>>>>> iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm -j DROP
>>>>>>
>>>>>> It's something like this
>>>>>>
>>>>>> Registration from '"30" <sp:30@my_public_ip:5060> failed for '192.168.xxx.xxx:6373' - Wrong Password
>>>>>>
>>>>>> and there are approx 10 requests per minute of this type.
>>>>>>
>>>>>> Please suggest some way to stop this.

--
Anurag Rana
http://newbie42.blogspot.in/
On the trampoline of life's experiences, Striving towards a saintly life in the midst of these materialistic turbulences.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
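
Added example (not part of the thread and not the script linked in it): a log check that applies the two counters suggested above, failures per source and distinct users tried per source, and refuses to ban a source in a private range, which is the situation described where the gateway masquerades inbound traffic. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Failure line in the shape quoted in the thread (closing quote after '>' optional).
FAIL_RE = re.compile(
    r"Registration from '.*?<\w+:(?P<user>[^@>]+)@[^>]*>'? failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+' - Wrong Password", re.I)

# Sources in these ranges cannot be a remote peer's real address: they are
# what the log shows when the gateway masquerades inbound traffic.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def classify(lines, max_failures=5, max_users=3):
    """Return (ban, masqueraded): source IPs that reached either threshold."""
    failures, users = defaultdict(int), defaultdict(set)
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    ban, masqueraded = [], []
    for ip, count in failures.items():
        if count < max_failures and len(users[ip]) < max_users:
            continue  # below both counters: may be a user mistyping a password
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # octet out of range, not a usable address
        # Never ban an internal source: that is the gateway, i.e. yourself.
        (masqueraded if any(addr in n for n in INTERNAL) else ban).append(ip)
    return sorted(ban), sorted(masqueraded)

def _line(user, src):
    # Builds one constructed log line; all addresses are sample values.
    return (f"NOTICE[2101] chan_sip.c: Registration from '\"{user}\" "
            f"<sip:{user}@198.51.100.10:5060>' failed for '{src}:6373' - Wrong password")

SAMPLE_LOG = ([_line(30 + i, "192.168.1.1") for i in range(6)]   # seen via NAT
              + [_line(100, "203.0.113.7") for _ in range(6)]    # real source visible
              + [_line(200, "203.0.113.99")])                    # single failure

if __name__ == "__main__":
    ban, masq = classify(SAMPLE_LOG)
    print("ban:", ban)
    print("do not ban (fix gateway NAT first):", masq)
```

Any address reported in the second list means the log cannot identify the real sender, so blocking by IP on this host has to wait until the gateway stops rewriting the source address.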