Author Topic: Asterisk Security  (Read 1463 times)

Techstyle

  • Addicted
  • *
  • Posts: 674
    • View Profile
    • Techstyle UK Ltd.
Asterisk Security
« on: January 11, 2013, 07:28:05 pm »
is Asterisk in LMCE 10.04 vunerable to brute force attacks?

there was a period earlier where lots of people were being billed for hacked calls, is security better now or is it still suggested to use something like fail2ban?

cfernandes

  • Guru
  • ****
  • Posts: 288
    • View Profile
    • my company web site
Re: Asterisk Security
« Reply #1 on: January 11, 2013, 07:31:07 pm »
i use fail2ban to protect all off my servers from brute force attacks.

Techstyle

  • Addicted
  • *
  • Posts: 674
    • View Profile
    • Techstyle UK Ltd.
Re: Asterisk Security
« Reply #2 on: January 11, 2013, 07:48:22 pm »
Thank You

Can you confirm that the wiki page for this is correct?

http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force

should the ignore IP line look like:

ignoreip = 127.0.0.1 192.168.80.1 192.168.80.0/254

cfernandes

  • Guru
  • ****
  • Posts: 288
    • View Profile
    • my company web site
Re: Asterisk Security
« Reply #3 on: January 11, 2013, 07:56:12 pm »
the wiki is correct.

and work on  my last instalation


pw44

  • Addicted
  • *
  • Posts: 653
    • View Profile
Re: Asterisk Security
« Reply #4 on: January 11, 2013, 08:42:27 pm »

Can you confirm that the wiki page for this is correct?

http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force

should the ignore IP line look like:

ignoreip = 127.0.0.1 192.168.80.1 192.168.80.0/254

The wiki is correct, i tested it again with lmce 10.04. I created it while using lmce 8.10.
The ignoreip will make fail2ban ignore the given ip's or blocks, so ip's in your network will not be blocked by fail2ban in case of successive failed tries..

Techstyle

  • Addicted
  • *
  • Posts: 674
    • View Profile
    • Techstyle UK Ltd.
Re: Asterisk Security
« Reply #5 on: January 12, 2013, 04:21:12 am »
so I failed on the second step:

/etc/asterisk/sip.conf doesn't exist

cfernandes

  • Guru
  • ****
  • Posts: 288
    • View Profile
    • my company web site
Re: Asterisk Security
« Reply #6 on: January 12, 2013, 12:44:26 pm »
you no need to change sip.conf

this change is implemented on asterisk realtime database  by Foxi.


microbrain

  • Regular Poster
  • **
  • Posts: 31
    • View Profile
Re: Asterisk Security
« Reply #7 on: January 13, 2013, 02:24:00 am »
I use CSF firewall on all my servers to protect them. Very easy to set up and offers a little more flexibility and a lot more features than fail2ban does. Install webmin first (http://prdownloads.sourceforge.net/webadmin/webmin-1.580-1.noarch.rpm) then,
 CSF (http://www.configserver.com/free/csf.tgz).

I have had no issues with any of my servers including brute force attacks on those with asterisk installed since using CSF.


microbrain

pw44

  • Addicted
  • *
  • Posts: 653
    • View Profile
Re: Asterisk Security
« Reply #8 on: January 13, 2013, 11:40:07 pm »
so I failed on the second step:

/etc/asterisk/sip.conf doesn't exist

You can enter it in the asterisk database, table ast_config, mine looks like:
    Edit    Delete    83    0    18    0    sip.conf    general    alwaysauthreject    yes

Techstyle

  • Addicted
  • *
  • Posts: 674
    • View Profile
    • Techstyle UK Ltd.
Re: Asterisk Security
« Reply #9 on: January 14, 2013, 06:35:30 am »
cfernandes

thanks for updating the wiki page

pw44

  • Addicted
  • *
  • Posts: 653
    • View Profile
Re: Asterisk Security
« Reply #10 on: February 23, 2013, 11:15:25 pm »
Wiki http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force was updated for asterisk 1.8. As asterisk 1.8 logs includes the host IP and the port, fail2ban was not blocking attackers IP.
For the ones using lmce 1004, please update the fail2ban configuration file according the the wiki example.
For lmce 810, no change is needed.