
Block hackers attack

I read this

Just in case anyone is using Blockhosts
(http://www.aczoom.com/blockhosts/) with their Linux servers and
Asterisk here are the rules necessary to block invalid users:


"asterisk-NoPeer":
r'Registration from .* failed for \'{HOST_IP}\' - No matching peer found',

"asterisk-NoAuth":
r'Registration from .* failed for \'{HOST_IP}\' - Username/auth name mismatch',

"asterisk-NoPass":
r'Registration from .* failed for \'{HOST_IP}\' - Wrong password',

Just add these rules to your /etc/blockhosts.conf file.

I am trying to use this setting on my centos-asterisk

TOP
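
The three Blockhosts rules quoted in the first post, run over sample Asterisk log lines (an added example, not part of the original thread and not Blockhosts' own code). The log lines, the IPv4 group substituted for {HOST_IP}, the function names and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# Rules exactly as quoted in the post; {HOST_IP} is a placeholder.
RULES = {
    "asterisk-NoPeer": r"Registration from .* failed for \'{HOST_IP}\' - No matching peer found",
    "asterisk-NoAuth": r"Registration from .* failed for \'{HOST_IP}\' - Username/auth name mismatch",
    "asterisk-NoPass": r"Registration from .* failed for \'{HOST_IP}\' - Wrong password",
}
# Assumption: an IPv4 named group stands in for the placeholder expansion.
HOST_IP = r"(?P<host_ip>\d{1,3}(?:\.\d{1,3}){3})"
COMPILED = {name: re.compile(rx.replace("{HOST_IP}", HOST_IP))
            for name, rx in RULES.items()}

# Constructed sample log (documentation address ranges, not real attackers).
SAMPLE_LOG = """\
[Oct  6 06:40:01] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Oct  6 06:40:02] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Oct  6 06:40:03] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Oct  6 06:41:10] NOTICE[2211] chan_sip.c: Registration from '"300" <sip:300@192.0.2.10>' failed for '203.0.113.9' - Wrong password
[Oct  6 06:42:00] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.50:5060' - Wrong password
[Oct  6 06:43:00] VERBOSE[2211] logger.c: -- Registered SIP '300' at 203.0.113.9 port 5060
"""

def scan(log_text):
    """Return (failures per IP, registration failures no rule matched)."""
    hits, missed = Counter(), []
    for line in log_text.splitlines():
        for rx in COMPILED.values():
            m = rx.search(line)
            if m:
                hits[m.group("host_ip")] += 1
                break
        else:
            # A failure line in a format the rules do not cover, e.g. a
            # port after the IP; worth reviewing so it is not missed silently.
            if "Registration from" in line and "failed for" in line:
                missed.append(line)
    return hits, missed

def hosts_to_block(hits, threshold=3):
    """IPs with at least `threshold` failures (threshold is hypothetical)."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    hits, missed = scan(SAMPLE_LOG)
    print("block:", hosts_to_block(hits))
    print("unmatched failure lines:", len(missed))
```

The fifth sample line carries a port after the address, so the closing quote in the rules does not line up and the failure is not counted; checking the unmatched list against your own log format shows whether the rules need adjusting.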

But the log will tell you which IP attacks your server. When you put the IPs in the blacklist of hosts.allow, it will drop their connections.

TOP

Switchfin will have permit and deny for peers and trunks, and in future will have iptables.

http://www.telecom-cafe.com/tele ... &extra=#pid8761

TOP

Another script to block repeated SIP registrations

http://www.teamforrest.com/blog/ ... g-peer-found-block/

TOP

A new attack from 64.156.192.26

TOP

This post was last edited by ckleea on 2010-10-6 06:47

Another IP: 79.114.199.69
It is already in my Asterisk and tried 2 numbers.



IP         :        79.114.199.69              Neighborhood
Host         :        79-114-199-69.dynamic.brasov.rdsnet.ro    Not OK
Country         :        Romania  



TOP

They tried to dial 900185099930593 and 001263912797847

TOP

I have this already alwaysauthreject=yes

TOP

Default in switchfin firmware
allowauthreject = yes
Global Settings:
----------------
  SIP Port:               5060
  Bindaddress:            0.0.0.0
  Videosupport:           No
  AutoCreatePeer:         No
  Allow unknown access:   No
  Allow subscriptions:    Yes
  Allow overlap dialing:  Yes
  Promsic. redir:         No
  SIP domain support:     No
  Call to non-local dom.: Yes
  URI user is phone no:   No
  Our auth realm          Realm
  Realm. auth:            No
  Always auth rejects:    Yes
  Call limit peers only:  No
  Direct RTP setup:       No
  User Agent:             SwitchFin PBX
  MWI checking interval:  10 secs
  Reg. context:           (not set)
  Caller ID:              asterisk
  From: Domain:
  Record SIP history:     Off
  Call Events:            Off
  IP ToS SIP:             none
  IP ToS RTP audio:       EF
  IP ToS RTP video:       CS3
  T38 fax pt UDPTL:       No
  RFC2833 Compensation:   No
  SIP realtime:           Disabled

Global Signalling Settings:
---------------------------
  Codecs:                 0x10e (gsm|ulaw|alaw|g729)
  Codec Order:            alaw:20,ulaw:20,gsm:20,g729:20
  T1 minimum:             100
  No premature media:     No
  Relax DTMF:             No
  Compact SIP headers:    No
  RTP Keepalive:          0 (Disabled)
  RTP Timeout:            0 (Disabled)
  RTP Hold Timeout:       0 (Disabled)
  MWI NOTIFY mime type:   application/simple-message-summary
  DNS SRV lookup:         Yes
  Pedantic SIP support:   No
  Reg. min duration       60 secs
  Reg. max duration:      3600 secs
  Reg. default duration:  120 secs
  Outbound reg. timeout:  20 secs
  Outbound reg. attempts: 0
  Notify ringing state:   Yes
  Notify hold state:      No
  SIP Transfer mode:      open
  Max Call Bitrate:       384 kbps
  Auto-Framing:           No

Default Settings:
-----------------
  Context:                default
  Nat:                    Always
  DTMF:                   rfc2833
  Qualify:                2000
  Use ClientCode:         No
  Progress inband:        Never
  Language:               (Defaults to English)
  MOH Interpret:          default
  MOH Suggest:
  Voice Mail Extension:   asterisk

TOP

The latest batch of hacker IP addresses
iptables -A INPUT -s 220.177.198.0/24 -j DROP
iptables -A INPUT -s 116.10.191.0/24 -j DROP
iptables -A INPUT -s 119.39.124.0/24 -j DROP
iptables -A INPUT -s 61.174.51.0/24 -j DROP
iptables -A INPUT -s 67.222.1.0/24 -j DROP
iptables -A INPUT -s 190.14.159.0/24 -j DROP
iptables -A INPUT -s 222.186.38.0/24 -j DROP
iptables -A INPUT -s 190.14.159.0/24 -j DROP
iptables -A INPUT -s 1.93.34.0/24 -j DROP
iptables -A INPUT -s 66.135.55.0/24 -j DROP
iptables -A INPUT -s 222.186.38.0/24 -j DROP
iptables -A INPUT -s 211.157.179.0/24 -j DROP
iptables -A INPUT -s 61.147.103.0/24 -j DROP
iptables -A INPUT -s 115.239.248.0/24 -j DROP
iptables -A INPUT -s 1.93.24.0/24 -j DROP
iptables -A INPUT -s 42.62.17.0/24 -j DROP
iptables -A INPUT -s 220.177.198.0/24 -j DROP
iptables -A INPUT -s 87.106.49.0/24 -j DROP
iptables -A INPUT -s 123.125.8.0/24 -j DROP
iptables -A INPUT -s 61.136.171.0/24 -j DROP

TOP
