Asterisk Security

Started by Techstyle, January 11, 2013, 07:28:05 PM

Techstyle

Is Asterisk in LMCE 10.04 vulnerable to brute force attacks?

There was a period earlier when lots of people were being billed for hacked calls. Is security better now, or is it still suggested to use something like fail2ban?
Techstyle UK Ltd
http://www.techstyleuk.co.uk

Techstyle US Inc.
http://www.techstyleus.com

cfernandes

I use fail2ban to protect all of my servers from brute force attacks.

Techstyle

Thank You

Can you confirm that the wiki page for this is correct?

http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force

Should the ignore IP line look like:

ignoreip = 127.0.0.1 192.168.80.1 192.168.80.0/254
cfernandes

The wiki is correct,

and it works on my last installation.

pw44

Quote from: Techstyle on January 11, 2013, 07:48:22 PM

Can you confirm that the wiki page for this is correct?

http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force

Should the ignore IP line look like:

ignoreip = 127.0.0.1 192.168.80.1 192.168.80.0/254

The wiki is correct; I tested it again with LMCE 10.04. I created it while using LMCE 8.10.
The ignoreip setting will make fail2ban ignore the given IPs or blocks, so IPs in your network will not be blocked by fail2ban in case of successive failed tries.

Techstyle

So I failed on the second step:

/etc/asterisk/sip.conf doesn't exist
cfernandes

You don't need to change sip.conf.

This change is implemented in the Asterisk realtime database by Foxi.

microbrain

I use CSF firewall on all my servers to protect them. Very easy to set up and offers a little more flexibility and a lot more features than fail2ban does. Install webmin first (http://prdownloads.sourceforge.net/webadmin/webmin-1.580-1.noarch.rpm) then,
CSF (http://www.configserver.com/free/csf.tgz).

I have had no issues with any of my servers including brute force attacks on those with asterisk installed since using CSF.

pw44

Quote from: Techstyle on January 12, 2013, 04:21:12 AM
so I failed on the second step:

/etc/asterisk/sip.conf doesn't exist

You can enter it in the asterisk database, table ast_config; mine looks like:
   83    0    18    0    sip.conf    general    alwaysauthreject    yes

Techstyle

cfernandes

Thanks for updating the wiki page.
pw44

The wiki page http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force was updated for Asterisk 1.8. As Asterisk 1.8 logs include the host IP and the port, fail2ban was not blocking attackers' IPs.
For those using LMCE 1004, please update the fail2ban configuration file according to the wiki example.
For LMCE 810, no change is needed.
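
Added example, not part of the thread and not the wiki's filter: a Python sketch of why a failure pattern written for a bare host stops matching once the log carries host:port, and how an ignoreip-style list is applied before counting. The log lines, the regexes and the 192.168.80.0/24 range are constructed for illustration, modelled on chan_sip registration notices.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not from the thread). The first logs a bare host;
# the others log host:port, as the post above describes for Asterisk 1.8.
SAMPLE_LOG = """\
[2013-01-12 04:10:01] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.7' - Wrong password
[2013-01-12 04:10:02] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@203.0.113.5>' failed for '198.51.100.7:5060' - Wrong password
[2013-01-12 04:10:03] NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@203.0.113.5>' failed for '198.51.100.7:5071' - No matching peer found
[2013-01-12 04:10:04] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@203.0.113.5>' failed for '192.168.80.23:5060' - Wrong password
"""

# Expects the closing quote right after the host: matches the bare-host form only.
HOST_ONLY = re.compile(r"failed for '(?P<host>\d{1,3}(?:\.\d{1,3}){3})' - ")
# Allows an optional ":port" before the closing quote: matches both forms.
HOST_PORT = re.compile(r"failed for '(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - ")

def parse_ignoreip(value):
    """Split an ignoreip-style value into networks; return (networks, rejected)."""
    nets, rejected = [], []
    for entry in value.split():
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:  # bad address, or IPv4 prefix length outside 0-32
            rejected.append(entry)
    return nets, rejected

def failures(log_text, pattern, ignore_nets=()):
    """Count failed registrations per source IP, skipping ignored networks."""
    counts = Counter()
    for line in log_text.splitlines():
        m = pattern.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group("host"))
        if any(ip in net for net in ignore_nets):
            continue
        counts[str(ip)] += 1
    return counts

if __name__ == "__main__":
    nets, rejected = parse_ignoreip("127.0.0.1 192.168.80.1 192.168.80.0/24")
    print("bare-host pattern:", dict(failures(SAMPLE_LOG, HOST_ONLY, nets)))
    print("host:port pattern:", dict(failures(SAMPLE_LOG, HOST_PORT, nets)))
    print("rejected ignoreip entries:", rejected)
```

With the bare-host pattern only one of the three external failures is counted, so a retry threshold would never be reached for that source.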