original source : http://www.pbxer.com/asterisk-security-use-iptables-to-block-nasty-hosts/

ASTERISK SECURITY: USE IPTABLES TO BLOCK THE BAD GUYS

When your Asterisk server is on the public internet, people will try to use your phone system for free.

One technique is for scripts simply to look for any accounts with easy-to-guess usernames and passwords. It’s easy to spot these attempts in the log files. Just look for any “Fail” messages:

grep "Fail" /var/log/asterisk/messages

[Jun 18 07:42:15] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as6f2c0dfb
[Jun 18 07:49:45] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as51af5dba
[Jun 18 09:02:47] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as3c4e5e5b
[Jun 18 09:57:09] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as22d69494
...

As you can see, some joker at 74.55.157.130 tried several times to authenticate on my server. Now, I have passwords that are not easy to guess, but still I’d prefer to block them from even getting to my Asterisk server. Linux has a built-in firewall, and it is possible to simply drop any packets from this IP address.

iptables -I INPUT -s 74.55.157.130 -j DROP

That translates to: If any packets come from this particular IP address (source), ignore (drop) them.

To view (list) all the blocked IP addresses:

iptables -n -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  74.55.157.130        0.0.0.0/0
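
The manual steps above (find the failures, pick out the address, add a DROP rule) can be scripted. The following is an added example, not part of the original post: it tallies failed logins per address and prints the iptables commands for review instead of running them. It assumes the full log line carries the sender in a <sip:user@host> field, which the excerpt above does not show; the function names, the threshold and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): tally failed SIP logins per
# address and print, without running, the matching iptables rules.

# Constructed sample log. The <sip:user@host> field is an assumption about the
# full log line; the addresses come from the RFC 5737 documentation ranges.
sample_log() {
cat <<'EOF'
[Jun 18 07:42:15] NOTICE[31682] chan_sip.c: Failed to authenticate user "alice" <sip:alice@203.0.113.7>;tag=as6f2c0dfb
[Jun 18 07:49:45] NOTICE[31682] chan_sip.c: Failed to authenticate user "alice" <sip:alice@203.0.113.7>;tag=as51af5dba
[Jun 18 09:02:47] NOTICE[31682] chan_sip.c: Failed to authenticate user "admin" <sip:admin@203.0.113.7:5060>;tag=as3c4e5e5b
[Jun 18 09:57:09] NOTICE[31682] chan_sip.c: Failed to authenticate user "bob" <sip:bob@198.51.100.20>;tag=as22d69494
[Jun 18 10:01:00] NOTICE[31682] chan_sip.c: Failed to authenticate user "eve" <sip:eve@pbx.example.invalid>;tag=as00000001
EOF
}

# count_failures: log lines on stdin -> "count address" lines on stdout.
# Log text is written by remote senders, so only a strict dotted-quad is kept;
# hostnames and anything containing other characters are skipped.
count_failures() {
    grep 'Failed to authenticate user' |
    sed -n 's/.*<sip:[^@>]*@\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\)[:>;].*/\1/p' |
    sort | uniq -c | awk '{ print $1, $2 }'
}

# block_rules THRESHOLD [ALLOWED_ADDRESS...]: read "count address" lines and
# print a DROP rule for each address at or above THRESHOLD. Allowlisted
# addresses (your own phones, your admin host) never get a rule, so one
# mistyped password does not lock out a legitimate user.
block_rules() {
    threshold=$1; shift
    allow=" $* "
    while read -r count ip; do
        [ "$count" -ge "$threshold" ] || continue
        case "$allow" in *" $ip "*) continue ;; esac
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# Demo on the constructed sample; on a real server, feed
# /var/log/asterisk/messages to count_failures instead.
sample_log | count_failures | block_rules 3
```

Review the printed rules before applying them, and confirm each address against the actual packet source, since the address in the log field is supplied by the sender.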
