Calls from Asterisk and SIP, will Fail2Ban help?

RizSher

#1
For the last couple of days, have been getting calls from

119.147.116.XXX
113.105.153.XXX
218.116.19.XXX

with CLIDs of Asterisk and SIP. Googled these IP addresses and found these IPs to be repeatedly discussed, and the advice for various flavours of PBX was installation of Fail2Ban... which I have duly installed on my elastix box.

However, the question is, I'm actually getting physical calls from these IP addies which are ringing my extensions; I'm not actually getting registration or SSH log-in attempts (well, none that I could discern from the logs). Will Fail2Ban actually help in this situation? Or is there a better way to get rid of these untimely calls?

Thanks.
Riz
 

dicko

#2
Perhaps fail2ban will work, but add

alwaysauthreject=yes

somewhere in your sip.conf hierarchy for completeness.

Although these guys are a PITA, don't underestimate them, they are NOT stupid (ask google, they got screwed). I suggest you ban the entire networks at /8 on your firewall. OK, so some folks in China and Japan won't be able to register with you, but is that a problem? Look into csf as a firewall and its ability to do bans by ipcountry. Most of this crap comes from China, closely followed by eastern Europe, go figure :)

dicko


(
yum -y install jwhois

whois 119.147.116.0

etc.

)
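
An added example, not part of the thread: one way to confirm that `alwaysauthreject` really is set "somewhere in your sip.conf hierarchy". It assumes chan_sip reads the option from `[general]`, that `#include` paths are relative to the top file's directory, and that the last assignment wins; the function names are hypothetical.

```python
import glob
import os
import re

AST_TRUE = {"yes", "true", "y", "t", "1", "on"}  # strings Asterisk treats as true

def general_option(top_file, option):
    """Return (value, file) for the last `option` set in [general], else (None, None)."""
    conf_dir = os.path.dirname(os.path.abspath(top_file))
    state = {"section": None, "hit": (None, None)}
    seen = set()

    def walk(path):
        if path in seen or not os.path.isfile(path):  # include loop or missing file
            return
        seen.add(path)
        with open(path, encoding="utf-8", errors="replace") as fh:
            for raw in fh:
                # Drop ';' comments (block comments ';-- --;' are not handled here)
                line = raw.split(";", 1)[0].strip()
                if not line:
                    continue
                inc = re.match(r'#include\s+"?([^"<>]+?)"?$', line)
                if inc:
                    # An included file continues in whatever section is open
                    pattern = os.path.join(conf_dir, inc.group(1))
                    for child in sorted(glob.glob(pattern)):
                        walk(child)
                    continue
                sec = re.match(r"\[([^\]]+)\]", line)
                if sec:
                    state["section"] = sec.group(1).strip().lower()
                    continue
                if state["section"] == "general" and "=" in line:
                    key, value = line.split("=", 1)
                    if key.strip().lower() == option:
                        state["hit"] = (value.strip().lstrip(">").strip(), path)

    walk(os.path.abspath(top_file))
    return state["hit"]

def alwaysauthreject_enabled(top_file):
    """True only if [general] explicitly sets alwaysauthreject to a true value."""
    value, _ = general_option(top_file, "alwaysauthreject")
    return value is not None and value.lower() in AST_TRUE

if __name__ == "__main__":
    import sys
    print(general_option(sys.argv[1], "alwaysauthreject"))
```

Run it against the top-level sip.conf; a result of `(None, None)` means the option is not set in `[general]` anywhere in the include chain, for example because it was pasted under a peer section.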
 

DaveD

#3
+1 for Dicko's above post
I am still running fail2ban but also installed CSF and configured it to watch the fail2ban logs as well as the asterisk/full logs. CSF will also do a dyndns resolve for remote access and allow it through the firewall.

The other firewall that works well is apf/bfd, but it is no longer maintained by its creator.
 

dicko

#4
As I suggested elsewhere, please only run fail2ban AFTER csf and not before, or you might get conflicts/FU's in iptables; see my csf pre and post scripts (still ugly but still functional).

dicko

(iptables is iptables, it is as powerful as hell, use whatever works for you to configure it, but please use it !!!! )
 
