Asterisk Hacking Attempts, Firewall letting attack through somehow?

Started by davegravy, November 25, 2014, 02:58:47 AM

davegravy

A bit stumped by this. Alblasco, can you help me out?

I launched the Asterisk console (asterisk -r) and was barraged with multiple instances of this message:

[Nov 24 20:10:38] NOTICE[3002]: chan_sip.c:24905 handle_request_register: Registration from '"3551" <sip:3551@MYIP-censored>' failed for '195.154.32.252:5763' - No matching peer found

195.154.32.252 comes up in Google as a known malicious IP.

I used to have SIP ports open to external but as a result of this disabled them. The attack is still somehow getting through.

I managed to block the attack using:

iptables -A BLOCKLIST -s 195.154.32.252 -j DROP
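
Added example, not part of the original post: a small Python parser for the chan_sip registration-failure notice quoted above. It counts failures and distinct extensions per source address and prints a rule for the post's BLOCKLIST chain only for sources that look like extension scanning. The function names, the thresholds and every sample log line after the first are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Greedy .* makes the last "failed for" (written by Asterisk) win over
# anything placed in the attacker-controlled From header. IPv4 sources only.
FAILED_REG = re.compile(
    r"handle_request_register: Registration from '(?P<from_hdr>.*)' "
    r"failed for '(?P<ip>[^':]+):(?P<port>\d+)' - (?P<reason>.+)$"
)
EXTEN = re.compile(r"<sip:([^@>]+)@")

# Sample input: the first line is the one quoted in the post, the others
# are constructed for this example (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = """\
[Nov 24 20:10:38] NOTICE[3002]: chan_sip.c:24905 handle_request_register: Registration from '"3551" <sip:3551@MYIP-censored>' failed for '195.154.32.252:5763' - No matching peer found
[Nov 24 20:10:39] NOTICE[3002]: chan_sip.c:24905 handle_request_register: Registration from '"3552" <sip:3552@MYIP-censored>' failed for '195.154.32.252:5763' - No matching peer found
[Nov 24 20:10:40] NOTICE[3002]: chan_sip.c:24905 handle_request_register: Registration from '"3553" <sip:3553@MYIP-censored>' failed for '195.154.32.252:5763' - No matching peer found
[Nov 24 20:11:02] NOTICE[3002]: chan_sip.c:24905 handle_request_register: Registration from '"201" <sip:201@MYIP-censored>' failed for '203.0.113.7:5060' - No matching peer found
"""

def summarize(log_text):
    """Return {source_ip: {"failures": n, "extensions": set}} for failed REGISTERs."""
    stats = defaultdict(lambda: {"failures": 0, "extensions": set()})
    for line in log_text.splitlines():
        m = FAILED_REG.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group("ip")))
        except ValueError:
            continue  # never hand unvalidated log text to a firewall command
        stats[ip]["failures"] += 1
        ext = EXTEN.search(m.group("from_hdr"))
        if ext:
            stats[ip]["extensions"].add(ext.group(1))
    return dict(stats)

def block_rules(stats, min_failures=3, min_extensions=2, allow=()):
    """Rules for sources that failed often AND tried several extensions."""
    return [
        f"iptables -A BLOCKLIST -s {ip} -j DROP"
        for ip, s in sorted(stats.items())
        if ip not in allow and s["failures"] >= min_failures
        and len(s["extensions"]) >= min_extensions
    ]

if __name__ == "__main__":
    print("\n".join(block_rules(summarize(SAMPLE_LOG))))
```

Requiring several distinct extensions keeps a single misconfigured phone, which retries one extension, out of the block list.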






cfernandes