I think you're looking for Snort or Suricata. Presumably someone would have detections for asterisk by now?
--
Steve Yates
ITS, Inc.

mayak wrote on Sat, Jul 25 2015 at 7:31 am:
> hi all,
>
> i have a number of asterisk instances behind pfsense -- 5060 is open to the
> public, and of course, i have incessant attempts to make free calls.
>
> for the moment, i use an iptables rule:
>
> iptables --append local-external --protocol udp -m udp --sport 5060 -m string --string "SIP/2.0 403 Forbidden" \
>   --algo bm --to 66 -j LOG --log-ip-options --log-prefix "SIP ABUSE: 403: "
>
> which inspects udp packets to discern who is trying to hack. enough errors in
> the log, and the ip gets banned (digging into the packet is the only way to
> correctly eliminate spoofing)