Hi Jason, there are a few more things that you can do.

1. Change extension numbers to four digits (rather than the 100 or 200 range)
2. Have outgoing routes password protected on International routes (Hackers love to go for expensive calls)
3. Set up a dummy outgoing route for numbers that you or your client will never dial (so your hacker will just get reorder tone)
4. Use time conditions to shut down non-local outbound routes after business hours or during the night.

The above steps will probably frustrate a hacker enough to give up and try someone else.

On Tue, Aug 24, 2010 at 12:23 PM, Aloysius Lloyd <[email protected]> wrote:

> Jason,
>
> What is the version of Asterisk you are using? Can you explain your
> current environment?
>
> Secure the environment. Implement the
>
> 1. Fail2Ban
> 2. Deny Hosts
>
> Also, as Duane mentioned, use the keys. Also change the default SSH port 22 to
> something else.
>
> Thanks
> Lloyd
>
> On Tue, Aug 24, 2010 at 12:09 PM, Jason Rose <[email protected]> wrote:
>
> > I was just wondering if anyone is keeping a local database of troublesome IP
> > addresses?
> > I'm in my server now and noticed yet another attempt from a different IP, this
> > one bruteforced extensions, then passwords - luckily I hardened all of mine last
> > night!
> >
> > Also I now get an error "chan_sip.c:1948 retrans_pkt: Maximum retries exceeded
> > on transmission" and all of my calls hang up after approx. 2 seconds. The only
> > changes I made were:
> >
> > 1) changing passwords (all hard phones have been updated)
> > 2) iptables -A INPUT -s 93.114.196.160 -j DROP
> > 3) iptables -A OUTPUT -d 93.114.196.160 -j DROP
> > 4) added both IPs to the hosts.deny file
> >
> > I cannot seem to make the system work now!?!
> >
> > Any help is much appreciated!
> >
> > Thanks,
> > Jason

--
Henry L. Coleman
http://dragnetics.com
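
Added example, not part of the original thread or any poster's code: a small offline tally of failed SIP registrations per source IP, the kind of local record of troublesome addresses asked about above, separating extension probing from password guessing. The log line layout, the function names and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines; the message layout is an assumption modelled on
# chan_sip NOTICE output, so adjust FAIL_RE to match your own log file.
SAMPLE_LOG = """\
[Aug 24 11:58:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.50' - No matching peer found
[Aug 24 11:58:02] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.50' - No matching peer found
[Aug 24 11:58:03] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.50' - Wrong password
[Aug 24 11:58:04] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.50:5060' - Wrong password
[Aug 24 11:59:10] NOTICE[2101] chan_sip.c: Registration from '<sip:4410@192.0.2.10>' failed for '192.0.2.77' - Wrong password
[Aug 24 12:00:00] VERBOSE[2101] logger.c: -- Registered SIP '4411' at 192.0.2.78 port 5060
"""

# IPv4 only; an optional ":port" after the source address is ignored.
FAIL_RE = re.compile(
    r"Registration from '(?:\"[^\"]*\" )?<sip:(?P<ext>[^@>]+)@[^>]*>' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def summarize(log_text):
    """Per source IP: nonexistent extensions probed, and wrong-password count."""
    stats = defaultdict(lambda: {"unknown_ext": set(), "bad_password": 0})
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue  # not a registration failure
        entry = stats[m["ip"]]
        if "No matching peer" in m["reason"]:
            entry["unknown_ext"].add(m["ext"])
        elif "Wrong password" in m["reason"]:
            entry["bad_password"] += 1
    return dict(stats)

def block_candidates(log_text, min_failures=3, allowlist=()):
    """IPs whose score (distinct unknown extensions + wrong passwords)
    reaches min_failures, skipping allowlisted addresses."""
    flagged = []
    for ip, s in summarize(log_text).items():
        total = len(s["unknown_ext"]) + s["bad_password"]
        if ip not in allowlist and total >= min_failures:
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    # 192.0.2.77 stands in for a hard phone still using an old password.
    for ip in block_candidates(SAMPLE_LOG, allowlist={"192.0.2.77"}):
        print(ip, summarize(SAMPLE_LOG)[ip])
```

The allowlist matters right after a password change: a phone that still has the old password produces the same "Wrong password" failures as an attacker.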
