Calls from Asterisk and SIP, will Fail2Ban help?
#57175
Calls from Asterisk and SIP, will Fail2Ban help? 1 Year, 6 Months ago Karma: 0
For the last couple of days, I have been getting calls from

119.147.116.XXX
113.105.153.XXX
218.116.19.XXX

with CLIDs of Asterisk and SIP. Googled these IP addresses and found these IPs to be repeatedly discussed, and the advice for various flavours of PBX was installation of Fail2Ban... which I have duly installed on my elastix box.

However, the question is: I'm actually getting physical calls from these IP addies which are ringing my extensions; I'm not actually getting registration or SSH log-in attempts (well, none that I could discern from the logs). Will Fail2Ban actually help in this situation?... or, is there a better way to get rid of these untimely calls?

Thanks.
Riz
RizSher
Fresh Boarder
Posts: 13
 
#57176
Re:Calls from Asterisk and SIP, will Fail2Ban help? 1 Year, 6 Months ago Karma: 155
Perhaps fail2ban will work, but add

alwaysauthreject=yes

somewhere in your sip.conf hierarchy for completeness.

Although these guys are a PITA, don't underestimate them; they are NOT stupid (ask Google, they got screwed). I suggest you ban the entire networks at /8 on your firewall. OK, so some folks in China and Japan won't be able to register with you, but is that a problem? Look into csf as a firewall and its ability to do bans by ipcountry. Most of this crap comes from China, closely followed by eastern Europe, go figure.

dicko


(
yum -y install jwhois

whois 119.147.116.0

etc.

)
dicko
Ethically, I no longer support PaloSanto, Sorry.
Platinum Boarder
Posts: 4101
Last Edit: 2010/08/07 17:11 By dicko.
There are other solutions!!
 
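The whois-then-ban step suggested in the post above, as an added example that is not code from the thread: it turns the address range in a whois record into CIDR blocks and prints iptables DROP rules for them. The whois excerpts are constructed from documentation ranges, and UDP port 5060 (the default SIP port), the INPUT chain and the function names are assumptions.

```python
import ipaddress
import re

# Constructed whois excerpts (RFC 5737 documentation ranges, not real offenders).
SAMPLE_WHOIS = """\
inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NET-A
country:        ZZ

NetRange:       203.0.113.16 - 203.0.113.47
NetName:        EXAMPLE-NET-B
"""

# APNIC/RIPE records use "inetnum:", ARIN records use "NetRange:".
RANGE_RE = re.compile(
    r"^(?:inetnum|NetRange):\s*(\d{1,3}(?:\.\d{1,3}){3})\s*-\s*"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def whois_to_cidrs(whois_text):
    """Return the minimal list of CIDR blocks covering every range found."""
    nets = []
    for first, last in RANGE_RE.findall(whois_text):
        try:
            lo = ipaddress.IPv4Address(first)
            hi = ipaddress.IPv4Address(last)
            # A range that is not CIDR-aligned expands to several blocks.
            nets.extend(ipaddress.summarize_address_range(lo, hi))
        except ValueError:
            continue  # malformed or reversed range: skip the record
    return list(ipaddress.collapse_addresses(nets))

def drop_rules(cidrs, my_ip=None):
    """Build iptables commands; refuse any block that contains my_ip."""
    rules = []
    for net in cidrs:
        if my_ip and ipaddress.ip_address(my_ip) in net:
            raise ValueError(f"{net} contains your own address {my_ip}")
        # Assumption: SIP on the default UDP port 5060, filtered in INPUT.
        rules.append(f"iptables -I INPUT -s {net} -p udp --dport 5060 -j DROP")
    return rules

if __name__ == "__main__":
    # my_ip is a constructed admin address used for the lock-out check.
    for rule in drop_rules(whois_to_cidrs(SAMPLE_WHOIS), my_ip="192.0.2.10"):
        print(rule)
```

The rules are printed rather than applied, so they can be reviewed first or pasted into whichever tool manages iptables on the box.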
#57178
Re:Calls from Asterisk and SIP, will Fail2Ban help? 1 Year, 6 Months ago Karma: 7
+1 for Dicko's above post.
I am still running fail2ban but also installed CSF and configured it to watch the fail2ban logs as well as the asterisk/full logs, and CSF will also do dyndns resolve for remote access and allow it through the firewall.

The other firewall that works well is apf/bfd, but it is no longer maintained by its creator.
DaveD
Senior Boarder
Posts: 408
floors324@hotmail.com Location: Wollongong Australia
 
#57180
Re:Calls from Asterisk and SIP, will Fail2Ban help? 1 Year, 6 Months ago Karma: 155
As I suggested elsewhere, please only run fail2ban AFTER csf and not before, or you might get conflicts/FU's in iptables; see my csf pre and post scripts (still ugly but still functional).

dicko

(iptables is iptables, it is as powerful as hell, use whatever works for you to configure it, but please use it!!!!)
dicko
Ethically, I no longer support PaloSanto, Sorry.
Platinum Boarder
Posts: 4101
Last Edit: 2010/08/07 18:43 By dicko.
There are other solutions!!