Author Topic: Asterisk Hacking Attempts, Firewall letting attack through somehow?  (Read 2015 times)

davegravy

  • Addicted
  • *
  • Posts: 551
    • View Profile
A bit stumped by this. Alblasco can you help me out?

I launched the asterisk console (asterisk -r) and was barraged with multiple instances of this message:

[Nov 24 20:10:38] NOTICE[3002]: chan_sip.c:24905 handle_request_register: Registration from '"3551" <sip:3551@MYIP-censored>' failed for '195.154.32.252:5763' - No matching peer found

195.154.32.252 comes up in google as a known malicious IP

I used to have SIP ports open to external but as a result of this disabled them.  The attack is still somehow getting through.

I managed to block the attack using

Code: [Select]
iptables -A BLOCKLIST -s 195.154.32.252 -j DROP





cfernandes

  • Guru
  • ****
  • Posts: 359
    • View Profile
    • my company web site
Re: Asterisk Hacking Attempts, Firewall letting attack through somehow?
« Reply #1 on: November 25, 2014, 04:15:20 pm »
Hi ,

in my installation  i use  fail2ban to protect from brute force

you can use this steps  to configure

http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force