Asterisk 1.6

Home » Asterisk Users » Asterisk 1.6
Asterisk Users 17 Comments

Hello All, my asterisk server is constantly under attack

[Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register:
Registration from ‘”4941″ ‘ failed for ‘194.100.46.132
194.100.46.132:56714’ – Wrong password
[Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register:
Registration from ‘”4941″ ‘ failed for ‘194.100.46.132
194.100.46.132:56714’ – Wrong password
[Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register:
Registration from ‘”4941″ ‘ failed for ‘194.100.46.132
194.100.46.132:56714’ – Wrong password
[Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register:
Registration from ‘”4941″ ‘ failed for ‘194.100.46.132
194.100.46.132:56714’ – Wrong password
[Apr 4 06:56:00] NOTICE[21745]: chan_sip.c:25673 handle_request_register:
Registration from ‘”4941″ ‘ failed for ‘194.100.46.132
194.100.46.132:56714’ – Wrong password

is there a way to reject their registration after a three consecutive tries?

Thanks, Call Send SMS
Add to Skype You’ll need Skype CreditFree via Skype

17 thoughts on - Asterisk 1.6

  • I don’t know what platform you are on, but if you are on Linux (and possibly BSD) you could use “fail2ban” to block them at the network interface.

  • Unfortunately you are not alone.

    Check out fail2ban. Works well.

    Hope this helps.

    -Barry Flanagan

    Thanks,

  • steal them from the freepbx setup.

    How many sip phones do you have outside your network? If few and in well-known IPs, consider limiting access to only those (and the sip provider you are using).

  • thank you all for your support. I am using Linux, I only have about 7 users outside our home network. I will learn fail2ban and will use it accordingly.

    again Thanks for your support.

  • That link points towards a precompiled binary, which could have literally
    *anything* lurking in it. I politely advise you to back away slowly, and break into a run when you think you are out of sight.

    Precompiled binaries without Source Code should be treated like a bottle of glowing green liquid labelled “drink me”, or an offer to come and look at some puppies. No reputable software supplier would object to showing you what is on the inside.

  • What you are saying is only open source software is safe? You have just excluded most software in use in the business world.

    We have installed Norton antivirus on all of our workstation; I don’t think Symantec will ever release the source code (since that would also show attackers how to get around it). Using the same logic releasing SecAst source would also seem foolish (and make it impossible for any commercial enterprise to sell software).

    I understand your point of view, and if your preference is to only use open source software that’s great. However, that doesn’t mean precompiled software is inherently dangerous or malevolent.

    -=Michelle=-

  • absolutely right A J, thanks for the heads up. I do not intent to implement that solution in production server, I hope to learn it first, build a test server and monitor for a few days or weeks.

    Thanks again,

  • IP addresses? If so, you can just lock down your SIP port to those 7 IPs explicitly in your IPTables configuration.

    Another option would be to change which port you’re running SIP on.

  • Hello Ishfaq, outside users usually travel around the country and connect from different network, so it won’t be possible to lock it down to specific IP.

    Thanks for your support.

  • If you know your users are all from with your country, or state, or even city, you could restrict geographic access in your secast.conf file like this:

    ruledefault=deny

    ruleexceptions=NA:CA:thank you all for your support. I am using Linux, I only have about 7 users outside our home network. I will learn fail2ban and will use it accordingly.

    again Thanks for your support.

    Do the 7 users outside of your home network always connect from the same IP addresses? If so, you can just lock down your SIP port to those 7 IPs explicitly in your IPTables configuration.

    Another option would be to change which port you’re running SIP on.

  • Use allowguest=no And define ACLs for every SIP account. And obviously, fail2ban for blocking suspicious IPs.

  • Shouldn’t the secast discussion be on the commercial list?

    Note that their free version works for five simultaneous calls-then the price goes ‘way up.

    –Don

    (Top posting ’cause that’s what’s already being done.)

    From: asterisk-users-bounces@lists.digium.com
    [mailto:asterisk-users-bounces@lists.digium.com] thank you all for your support. I am using Linux, I only have about 7 users outside our home network. I will learn fail2ban and will use it accordingly.

    again Thanks for your support.

    Do the 7 users outside of your home network always connect from the same IP
    addresses? If so, you can just lock down your SIP port to those 7 IPs explicitly in your IPTables configuration.

    Another option would be to change which port you’re running SIP on.

  • Another option we like, but i depends on your preferences is to run them over openvpn. Works for Mac, Linux and Windows clients.

    Since all out clients are under our control we use openvpn a lot and yealink and other phones have it built in so they can connect directly once initially setup

    Cheers Duncan