
Block hackers attack

I read this

Just in case anyone is using Blockhosts
(http://www.aczoom.com/blockhosts/) with their Linux servers and
Asterisk here are the rules necessary to block invalid users:


"asterisk-NoPeer":
r'Registration from .* failed for \'{HOST_IP}\' - No matching peer found',

"asterisk-NoAuth":
r'Registration from .* failed for \'{HOST_IP}\' - Username/auth name mismatch',

"asterisk-NoPass":
r'Registration from .* failed for \'{HOST_IP}\' - Wrong password',

       Just add these rules to your /etc/blockhosts.conf file.

Thank ckleea for providing the information to us!

YH
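
An added example, not part of the original post and not BlockHosts' own code: the three rules above run over constructed Asterisk log lines, counting failed registrations per source IP. The `HOST_IP` expansion, the `threshold` parameter and the function names are assumptions made for illustration; the last failure line uses an ip:port form, as later Asterisk releases log it, which the rules as posted do not match.

```python
import re
from collections import Counter

# Assumption: IPv4-only stand-in for BlockHosts' own {HOST_IP} expansion.
HOST_IP = r'(?P<host_ip>\d{1,3}(?:\.\d{1,3}){3})'

# The three rules from the post, with the wrapped lines joined.
RULES = {
    "asterisk-NoPeer": r'Registration from .* failed for \'{HOST_IP}\' - No matching peer found',
    "asterisk-NoAuth": r'Registration from .* failed for \'{HOST_IP}\' - Username/auth name mismatch',
    "asterisk-NoPass": r'Registration from .* failed for \'{HOST_IP}\' - Wrong password',
}
COMPILED = {name: re.compile(pat.replace("{HOST_IP}", HOST_IP))
            for name, pat in RULES.items()}

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
[Sep  2 09:10:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Sep  2 09:10:02] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Sep  2 09:10:03] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Sep  2 09:11:40] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.25' - Username/auth name mismatch
[Sep  2 09:12:00] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@192.0.2.10>' failed for '203.0.113.99:5060' - Wrong password
[Sep  2 09:12:05] VERBOSE[2101] logger.c: -- Registered SIP '500' at 192.0.2.50 port 5060
"""

def classify(line):
    """Return (rule_name, ip) for the first rule that matches, else None."""
    for name, rx in COMPILED.items():
        m = rx.search(line)
        if m:
            return name, m.group("host_ip")
    return None

def offenders(log_text, threshold=3):
    """Count rule hits per IP; return (counts, IPs at or above threshold)."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit[1]] += 1
    return counts, {ip for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    counts, blocked = offenders(SAMPLE_LOG)
    print(dict(counts), blocked)
```

The ip:port line goes uncounted, so it is worth checking the exact form your Asterisk version writes to its log before relying on these rules.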


I am trying to use this setting on my centos-asterisk


This post was last edited by 角色 on 2010-9-2 09:23

You meant your Asterisk is always being attacked by hackers?

YH


There are a lot of hackers who want to enumerate my extensions. Every day, when I check my log file, I can see that information.


That is why you have to make your password very, very long to get rid of those attacks.

YH


But the log will tell you which IP attacks your server. When you put the IPs in the blacklist of hosts.allow, it will drop their connections.


I am certain that hackers will change their IPs frequently to invade their target system, not necessarily using their own IP but making use of other innocent IP ranges on purpose, resulting in DoS (Denial of Service).

On the other hand, your log blacklist may become larger and larger someday, which will also create a certain degree of burden on your own system.

Anyhow, doing something is better than doing nothing, at least at this stage.


After setting "alwaysauthreject=yes allowguest=no", each IP can try two extensions only.


Cool! Thanks for the information. It sounds very simple to set up. Hope it is effective.


Taking IP-01 as an example, I found its "alwaysauthreject=yes" is already a default. It means that what I need to do is to change "allowguest=no".


You may eliminate the chances of being hacked by setting
  alwaysauthreject=yes
in sip.conf. For details, you may take a look at the following website:

http://www.dslreports.com/forum/ ... sk-hacking-attempts

YH


Switchfin will have permit and deny for peers and trunks, and in the future will have iptables.

http://www.telecom-cafe.com/tele ... &extra=#pid8761


This post was last edited by bubblestar on 2010-9-10 15:18

Protect your IPPBX with IPtables is Rule #1 in 10 Rules You Should Follow


Another script to block repeated SIP registrations

http://www.teamforrest.com/blog/ ... g-peer-found-block/
