Text only | Text with Images

LinuxMCE Forums

General => Users => Topic started by: davegravy on November 25, 2014, 02:58:47 AM

Title: Asterisk Hacking Attempts, Firewall letting attack through somehow?
Post by: davegravy on November 25, 2014, 02:58:47 AM
A bit stumped by this. Alblasco can you help me out?

I launched the asterisk console (asterisk -r) and was barraged with multiple instances of this message:

[Nov 24 20:10:38] NOTICE[3002]: chan_sip.c:24905 handle_request_register: Registration from '"3551" <sip:3551@MYIP-censored>' failed for '195.154.32.252:5763' - No matching peer found

195.154.32.252 comes up in google as a known malicious IP

I used to have SIP ports open to external but as a result of this disabled them.  The attack is still somehow getting through.

I managed to block the attack using

Code Select
iptables -A BLOCKLIST -s 195.154.32.252 -j DROP





Title: Re: Asterisk Hacking Attempts, Firewall letting attack through somehow?
Post by: cfernandes on November 25, 2014, 04:15:20 PM
Hi ,

in my installation  i use  fail2ban to protect from brute force

you can use this steps  to configure

http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force
Text only | Text with Images