Board logo

標題: new hacker found [打印本頁]
作者: ckleea    時間: 2011-9-28 22:50     標題: new hacker found

85.195.93.234 a germany address tried to dial to Central America.
作者: 角色    時間: 2011-9-29 07:09

How do we block hacker with the linux box?

YH
作者: ckleea    時間: 2011-9-29 07:40

Use fail2ban
作者: ckleea    時間: 2011-9-29 07:59

I found this IP logon and do unusal dialling
作者: ckleea    時間: 2011-9-29 09:04

I have no idea how it login and dial out. Every bit needs different set of password.

Anyone it tries and does not result in serious injury.
作者: 角色    時間: 2011-9-30 22:40

In the sample of sip.conf, it shows
  1. ;       Especially note the following settings:
  2. ;               - allowguest (default enabled)
  3. ;               - permit/deny - IP address filters
  4. ;               - contactpermit/contactdeny - IP address filters for registrations
  5. ;               - context - Which set of services you offer various users
  6. ;
複製代碼
Therefore we can use allowguest, permit/deny, contactpermit/contactdeny to prevent hacker if we know their ip.

YH
作者: ckleea    時間: 2011-9-30 22:48

回復 6# 角色


    yes, I already make use of these.
作者: 角色    時間: 2011-9-30 22:50

I forgot the way to include a file which contains the blacklisted IP addresses. If you know, please let me know the method.

YH
作者: ckleea    時間: 2011-9-30 23:08

回復 8# 角色

I do it in the router firewall level which is more effectively. If you use it with asterisk or linux server, hacker already in your network.
作者: 角色    時間: 2011-9-30 23:11

Agree absolutely.

YH
作者: bubblestar    時間: 2011-10-1 00:21

I deploy my firewall mainly in router.  

BTW, what is the configuration format to deny multiple IP address in the layer of sip.conf of Asterisk ?  Use comma (,) semi-colon (;) or space between IP addresses ?
作者: 角色    時間: 2011-10-1 00:43

回復 11# bubblestar

I believe we have to read the source code to determine the configuration in detail.

YH
作者: ckleea    時間: 2011-10-1 09:51

I am wondering whether we should start switching to all non standard ports for SIP, IAX and RTP. This may help minimizing the risk of hacker port scanning and attempting to login
作者: ckleea    時間: 2011-10-19 13:29

I found a new one today

41.232.228.135

Africa IP range but not sure the country
作者: ckleea    時間: 2011-10-24 06:49

Another one today
108.59.5.148
作者: ckleea    時間: 2011-10-24 08:15

Fail2ban fails to work. My router needs a reboot for this to work



歡迎光臨 電訊茶室 (http://www.telecom-cafe.com/forum/) Powered by Discuz! 7.2