Forgive my ignorance on this as I am still fairly new to Asterisk.
I have noticed lately that there have been several attempts to hack our
Asterisk server. I see multiple attempts to log in with a particular
extension from the same IP address, perhaps hundreds of times per
second. It causes the overhead to spike to ~100%. It is more of a pain
in the ass than anything.
So far what I have been doing is adding a drop of this particular IP
address to my iptables configuration. This makes that particular one
stop and overhead drops back to normal.
What I would like to know is:
1. Has anyone else seen this?
2. What is the best way of prevention?
We are awaiting our Cisco firewall, but I can implement a software
solution in the meantime (Shorewall).
So, I am wondering if anyone has a firewall/iptables statement that
keeps out unauthorised users? No one seems to get in as we use really
strong passwords. However, the attempts cause our Asterisk server to
grind almost to a halt. I cannot even connect with a SIP phone when this
Any words of wisdom for me?
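
An added example, not part of the original post: the manual step described above (spot the offending address, then add an iptables drop for it), done by counting failed SIP registrations per source address in the Asterisk log. The log lines are constructed samples in the chan_sip "Registration ... failed" format; the function names, the threshold of 3 and the INPUT chain are assumptions, and the rules are only printed, not applied.

```shell
#!/bin/sh
# Constructed sample log lines (documentation IP ranges, not real hosts).
sample_log() {
cat <<'EOF'
[2010-03-01 10:00:01] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@198.51.100.10>' failed for '203.0.113.7' - Wrong password
[2010-03-01 10:00:01] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@198.51.100.10>' failed for '203.0.113.7' - Wrong password
[2010-03-01 10:00:02] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@198.51.100.10>' failed for '203.0.113.7:5071' - Wrong password
[2010-03-01 10:00:02] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@198.51.100.10>' failed for '203.0.113.7' - Wrong password
[2010-03-01 10:05:12] NOTICE[2101] chan_sip.c: Registration from '"204" <sip:204@198.51.100.10>' failed for '198.51.100.23' - Wrong password
[2010-03-01 10:05:13] VERBOSE[2101] logger.c: -- Registered SIP '204' at 198.51.100.23 port 5060
EOF
}

# Read an Asterisk log on stdin; print "count ip" for each source address
# with at least $1 failed registrations, busiest first.
sip_offenders() {
    awk -v min="$1" -v q="'" '
        index($0, "Registration from ") && index($0, " failed for " q) {
            ip = $0
            # Greedy match: keep only what follows the LAST "failed for",
            # because the From text before it is supplied by the remote side.
            sub(".* failed for " q, "", ip)
            sub("[:" q "].*", "", ip)   # strip optional :port and the reason
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# Turn "count ip" lines into iptables commands for review (printed only).
drop_rules() {
    while read -r count ip; do
        printf 'iptables -I INPUT -s %s -j DROP  # %s failed registrations\n' \
            "$ip" "$count"
    done
}

# Stand-alone run on the constructed sample; in practice feed the real log.
sample_log | sip_offenders 3 | drop_rules
```

The single failure from 198.51.100.23 stays below the threshold, so a user who mistypes a password once is not listed.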