Re: [asterisk-users] Attack on Sip server.

Fri, 27 Jun 2014 09:15:57 -0700 

Block the ip?

You should only enable sip for your specific clients in iptables.


Sent from Samsung Mobile

<div>-------- Original message --------</div><div>From: arun kumar 
<[email protected]> </div><div>Date:27/06/2014  4:42 PM  (GMT+02:00) 
</div><div>To: Asterisk Users Mailing List - Non-Commercial Discussion 
<[email protected]> </div><div>Subject: Re: [asterisk-users] 
Attack on Sip server. </div><div>
</div>Hi,

    Change the protocol from tcp to udp in iptables.

~Arun

On 27 Jun 2014 20:07, "Anurag Rana" <[email protected]> wrote:

Hi All.

Someone is attacking on my SIP server.
There are lot of requests coming in and I am not able to stop it because I am 
unable to detect the IP address. 
I used wireshark to capture the packets.

Although I am using very strong password for my SIP users but still is there 
any way to drop these packets and stop this attack.

I tried dropping packet after matching some string (most of the packets from 
attacker contains string 'VaxSIPUserAgent/3.1' ) but it failed. Packets are 
still flowing in. 

iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" 
--algo bm -j DROP

​Its something like this

Registration from '"30" <sp:30@my_public_ip:5060> failed for 
'192.168.xxx.xxx:6373' - Wrong Password​

​and there are approx 10 request per minute of this type.

Please suggest some way to stop this.​


-- 
Anurag Rana 
http://newbie42.blogspot.in/
On the trampoline of life's experiences, Striving towards a saintly life in the 
midst of these materialistic turbulences.



--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to