
e9th

join:2003-07-12
Miami, FL

reply to mazilo

Re: Asterisk Hacking Attempts...Best way to lock down?

said by mazilo:

said by e9th:

I turned it on a few months ago (on 1.6). Since then, I still see one or two probes a week from various sites, but now each one just stops before fail2ban even notices.
If your Asterisk is behind a NAT/Firewall router with a private IP Address and you haven't done any port forwarding on your NAT/Firewall router, I don't suppose you will see such probing activity. As such, your Asterisk won't need the fail2ban.
I prefer that those who are able to call me directly, can. This pretty much rules out hiding behind a firewall.
And they don't eat up bandwidth.
It sure will eat some of CPU resources.
These are not per se DoS attacks. That's just an unpleasant side effect of scanning thousands of extensions for valid ones. If we can simply make sipvicious stop scanning on its own, then everybody wins: My connection doesn't get clogged up; fail2ban, ossec, whatever, don't have to waste cycles poring over log files; and even my attackers know to move on to the next guy.

Note how quickly svwar gives up when alwaysauthreject=yes :
bash-4.0# time ./svwar.py -e100-9999 xxx.xxx.xxx.xxx
ERROR:TakeASip:SIP server replied with an authentication request for an unknown extension. Set --force to force a scan.
WARNING:root:found nothing
 
real    0m0.266s
user    0m0.190s
sys     0m0.060s
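
Added example, not part of e9th's post or of Asterisk itself: a small Python audit that reads sip.conf text and reports whether alwaysauthreject is actually in effect in [general], which is the setting that made the scan above stop. It assumes the option defaults to "no" when unset (as on the 1.6 branch mentioned in the post; check your version), and the function names and sample configs are constructed for illustration. It does not follow #include lines or handle escaped semicolons.

```python
import re

# Values Asterisk accepts as "true" for boolean options.
TRUE_VALUES = {"yes", "true", "y", "t", "1", "on"}

def general_option(conf_text, option):
    """Effective value of `option` in [general], or None when it is unset."""
    # ';--' (not followed by another '-') opens a block comment closed by '--;'.
    text = re.sub(r";--(?!-).*?--;", "", conf_text, flags=re.S)
    section, value = None, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' line comments
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "general" and "=" in line:
            key, val = line.split("=", 1)
            if key.strip().lower() == option:
                value = val.lstrip(">").strip()  # 'key => value' form; last one wins
    return value

def audit_alwaysauthreject(conf_text, default="no"):
    """Return (enabled, effective_value); `default` applies when unset (assumed 'no')."""
    value = general_option(conf_text, "alwaysauthreject")
    effective = default if value is None else value
    return effective.lower() in TRUE_VALUES, effective

# Constructed sample: option commented out in [general], set only under a peer.
WEAK = """[general]
context=default
;alwaysauthreject=yes
[100]
type=friend
alwaysauthreject=yes    ; wrong section, has no effect on the global setting
"""

# Constructed sample: banner comment, block comment, then the live assignment.
HARDENED = """[general]
;----- security -----
alwaysauthreject = no
;-- earlier attempt, disabled
alwaysauthreject = no
--;
alwaysauthreject => Yes
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_alwaysauthreject(conf))
```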
 

mazilo
From Mazilo
Premium
join:2002-05-30
Lilburn, GA
kudos:1

said by e9th:

said by mazilo:

said by e9th:

I turned it on a few months ago (on 1.6). Since then, I still see one or two probes a week from various sites, but now each one just stops before fail2ban even notices.
If your Asterisk is behind a NAT/Firewall router with a private IP Address and you haven't done any port forwarding on your NAT/Firewall router, I don't suppose you will see such probing activity. As such, your Asterisk won't need the fail2ban.
I prefer that those who are able to call me directly, can. This pretty much rules out hiding behind a firewall.
I have my Asterisk PBX System hosted on a Netgear WGT634U running OpenWRT firmware with a private IP Address behind a NAT/Firewall router sans any port forwarding, and it has no problems processing incoming and/or outgoing calls. If you have configured your Asterisk PBX System correctly, it shouldn't need any port forwarding on your NAT/Firewall router.

And they don't eat up bandwidth.
It sure will eat some of CPU resources.
These are not per se DoS attacks. That's just an unpleasant side effect of scanning thousands of extensions for valid ones. If we can simply make sipvicious stop scanning on its own, then everybody wins: My connection doesn't get clogged up; fail2ban, ossec, whatever, don't have to waste cycles poring over log files; and even my attackers know to move on to the next guy.
If you don't configure port forwarding on your main NAT/Firewall router, you don't even need the fail2ban installed to start with.

Note how quickly svwar gives up when alwaysauthreject=yes :
bash-4.0# time ./svwar.py -e100-9999 xxx.xxx.xxx.xxx
ERROR:TakeASip:SIP server replied with an authentication request for an unknown extension. Set --force to force a scan.
WARNING:root:found nothing
 
real    0m0.266s
user    0m0.190s
sys     0m0.060s
 
It is not how quickly they disappear, but rather how not to let them know you have an Asterisk PBX System behind your NAT/Firewall router. If you do not have port forwarding on your main NAT/Firewall router, their scanner will find no response and move on.

Your logic dealing with this kind of crackers is similar to either how e-mail providers are doing their business to let junk e-mails in and filter them to the junk folder or how the US gov't deals with telemarketers using the Do Not call list. AFAIC, that's a waste of resources.

--
don't and stop are the ONLY two 4-letter words considered offensive to men, but not when used together.

Monday, 04-Jun 01:21:56
© 1999-2012 dslreports.com.