2 thoughts on - Hacking Attempt, Asterisk 1.4

  • Assuming that it’s the AGI script that is the bottleneck, how about simply checking in the dialplan that the ${CALLERID(num)} is different from ${EXTEN}
    before executing the AGI script?


    AJS

    Answers come *after* questions.

  • I have this in my extensions.conf :-

    [default]
    ; all unauthenticated connection attempts from the internet come in here.
    exten => _[+*#0-9].,1,NoOp(Unauthenticated call attempt - ${SIP_HEADER(Contact)})
    exten => _[+*#0-9].,n,Congestion

    Then in fail2ban I have the extra line added to the failregex so it is now :-

    failregex = Registration from .* failed for \'<HOST>\' - Wrong password
                Registration from .* failed for \'<HOST>\' - No matching
                Unauthenticated call attempt .*\@<HOST>\:
    That seems to work pretty well for me. Assuming the attacks are unauthenticated, why are you accepting them and running an AGI script and not rejecting them earlier?
    If you need to allow anonymous inbound calls (which is required in some cases) then I would have the AGI detect them and write an output to verbose() with the SIP_HEADER(Contact) or any other header which correctly indicated the origin of the packet.
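
A quick offline check of the three failregex lines from the comment above, as an added example that is not part of the original post. The log lines are constructed, and the `HOST` pattern is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag (an assumption; fail2ban's own expansion is broader).

```python
import re
from collections import Counter

# Assumption: simplified IPv4-only replacement for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The three failregex lines from the comment, unchanged.
FAILREGEX = [
    r"Registration from .* failed for \'<HOST>\' - Wrong password",
    r"Registration from .* failed for \'<HOST>\' - No matching",
    r"Unauthenticated call attempt .*\@<HOST>\:",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
[2010-06-01 12:00:00] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.23' - Wrong password
[2010-06-01 12:00:01] NOTICE[1234] chan_sip.c: Registration from '"200" <sip:200@203.0.113.5>' failed for '198.51.100.77' - No matching peer found
[2010-06-01 12:00:02] VERBOSE[1234] logger.c:     -- Executing [900441234567@default:1] NoOp("SIP/203.0.113.5-00000001", "Unauthenticated call attempt - <sip:1000@198.51.100.23:5060>") in new stack
[2010-06-01 12:00:03] VERBOSE[1234] logger.c:     -- Executing [900441234567@default:1] NoOp("SIP/203.0.113.5-00000002", "Unauthenticated call attempt - <sip:1000@198.51.100.99>") in new stack
[2010-06-01 12:00:04] NOTICE[1234] chan_sip.c: Peer '100' is now Reachable. (12ms / 2000ms)
""".splitlines()


def offending_host(line):
    """Return the address a failregex would hand to fail2ban, or None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def count_hits(lines):
    """Count matching lines per address, as fail2ban does against maxretry."""
    hits = Counter()
    for line in lines:
        host = offending_host(line)
        if host is not None:
            hits[host] += 1
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(offending_host(line), "<-", line[:70])
    print(dict(count_hits(SAMPLE_LOG)))
```

The fourth sample line is not matched: the third pattern ends in `\:`, so a Contact header with no port after the address slips past it.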