Re: [asterisk-users] Attack on Sip server.

2014-07-01 Thread Hans Witvliet
On Fri, 2014-06-27 at 22:24 +0530, Anurag Rana wrote: > > iptables -I INPUT 1 -p tcp --dport 5060 -m string > --string "VaxSIPUserAgent" --algo bm -j DROP > > You make a fundamental mistake here. Fi

Re: [asterisk-users] Attack on Sip server.

2014-06-29 Thread Andres
iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm -j DROP Its something like this Registration from '"30" failed for '192.168.xxx.xxx:6373' - Wrong Password and there are approx 10 request per minute of this type. Please suggest some way to stop this.

Re: [asterisk-users] Attack on Sip server.

2014-06-29 Thread Michelle Dupuis
N Cc: Asterisk Users List Subject: Re: [asterisk-users] Attack on Sip server. I added bot rules TCP as well as UDP. Still not working. How changing SIP listen port will prevent it. Please explain. I will try fail2band. On Fri, Jun 27, 2014 at 8:16 PM, Prakash N mailto:prakas...@tevatel.com

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Steve Edwards
Please don't top-post. Please trim posts to the specific post you are replying to. On Fri, 27 Jun 2014, Anurag Rana wrote: Can't use anything which block IP addresses because my system is behind a gateway and attacker gets the address of that gateway. In this way I will end up blocking myself

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
Ok. Thanks. :) On Fri, Jun 27, 2014 at 11:05 PM, Mitul Limbani wrote: > No way out. Fix ur gateway which is masquerading out to in traffic. > > And do some research as others mentioned instead of expecting quick fix. > > Mitul > On 27-Jun-2014 10:45 PM, "Anurag Rana" wrote: > >> Can't use anyt

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Mitul Limbani
No way out. Fix ur gateway which is masquerading out to in traffic. And do some research as others mentioned instead of expecting quick fix. Mitul On 27-Jun-2014 10:45 PM, "Anurag Rana" wrote: > Can't use anything which block IP addresses because my system is behind a > gateway and attacker get

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
Can't use anything which block IP addresses because my system is behind a gateway and attacker gets the address of that gateway. In this way I will end up blocking myself. Please suggest something else. On Fri, Jun 27, 2014 at 10:24 PM, Anurag Rana wrote: > Right Mitul. System is behind some g

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
Right Mitul. System is behind some gateway. On Fri, Jun 27, 2014 at 10:06 PM, Mitul Limbani wrote: > I think your asterisk server is behind firewall or some sort of NAT where > the out to in packets are getting masqueraded with local or DMZ IP of your > firewall / gateway box. > > Fix this fir

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Prakash N
: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Attack on Sip server. Both Rules* (typo in last mail) On Fri, Jun 27, 2014 at 8:19 PM, Anurag Rana wrote: > I added bot rules TCP as well as UDP. Still not working. > > How changing SIP listen

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Mitul Limbani
I think your asterisk server is behind firewall or some sort of NAT where the out to in packets are getting masqueraded with local or DMZ IP of your firewall / gateway box. Fix this first to get fail2ban detect the correct public IP. Otherwise fail2ban will ban your local GW IP due to which you

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Jai Rangi
Anurag, Here is small script, that will check your logs and will block the IPs. http://www.didforsale.com/blog/is-your-asterisk-system-under-heavy-attack This is good if you dont expect any registration. If you do have some valid registration, you might want to add some counter to see how time IP

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread andrew Colin
] Attack on Sip server. Hi, Change the protocol from tcp to udp in iptables. ~Arun On 27 Jun 2014 20:07, "Anurag Rana" wrote: Hi All. Someone is attacking on my SIP server. There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP addres

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Prakash N
: Prakash N Cc: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Attack on Sip server. I added bot rules TCP as well as UDP. Still not working. How changing SIP listen port will prevent it. Please explain. I will try fail2band. On Fri, Jun 27, 2014 at 8:16 PM

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Ron Wheeler
.com> Subject: [asterisk-users] Attack on Sip server. Hi All. Someone is attacking on my SIP server. There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP address. I used wireshark to capture the packets

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Eric Wieling
, June 27, 2014 10:58 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Attack on Sip server. On 27 Jun 2014, at 15:37, Anurag Rana mailto:anuragrana31...@gmail.com>> wrote: There are lot of requests coming in and I am not able to stop it becaus

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Markus Weiler
very simple, yet effective http://www.palner.com/blog/171/asterisk-no-matching-peer-found-block/ Am 27.06.2014 16:58, schrieb Steven Howes: On 27 Jun 2014, at 15:37, Anurag Rana > wrote: There are lot of requests coming in and I am not able to stop it because

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Steven Howes
On 27 Jun 2014, at 15:37, Anurag Rana wrote: > There are lot of requests coming in and I am not able to stop it because I am > unable to detect the IP address. > I used wireshark to capture the packets. If you can capture the packet, surely you have the IP? If they intend to get the response t

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
; To: Asterisk Users Mailing List - Non-Commercial Discussion >> >> Subject: [asterisk-users] Attack on Sip server. >> >> >> Hi All. >> >> Someone is attacking on my SIP server. >> There are lot of requests coming in and I am not able to stop it because &

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
t; With regards > > N.Prakash > -- > From: Anurag Rana > Sent: ‎27-‎06-‎2014 08:07 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > > Subject: [asterisk-users] Attack on Sip server. > > > Hi All. > > Someone is attacking o

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread Prakash N
Hi, Install fail2band and change sip listen port to avoid attack With regards N.Prakash -- From: Anurag Rana Sent: ‎27-‎06-‎2014 08:07 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [asterisk-users] Attack on Sip server. Hi All

Re: [asterisk-users] Attack on Sip server.

2014-06-27 Thread arun kumar
Hi, Change the protocol from tcp to udp in iptables. ~Arun On 27 Jun 2014 20:07, "Anurag Rana" wrote: > > Hi All. > > Someone is attacking on my SIP server. > There are lot of requests coming in and I am not able to stop it because I > am unable to detect the IP address. > I used wireshark

[asterisk-users] Attack on Sip server.

2014-06-27 Thread Anurag Rana
Hi All. Someone is attacking on my SIP server. There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP address. I used wireshark to capture the packets. Although I am using very strong password for my SIP users but still is there any way to drop these