Stop softphone brute force attack


Post by MattWilkie » Wed Sep 25, 2013 7:48 am

I am currently using the latest version of Vicibox with a standard out-of-the-box installation with Asterisk version 4.

I have a current issue of someone constantly trying to register different SIP phones, as shown below:

[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:03] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"861" <sip:861@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:03] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"861" <sip:861@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:03] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"861" <sip:861@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:03] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"861" <sip:861@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:03] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"861" <sip:861@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:03] == Manager 'sendcron' logged off from 127.0.0.1
[Sep 25 08:46:05] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"11022" <sip:11022@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:05] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"11022" <sip:11022@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:05] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"11022" <sip:11022@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:05] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"11022" <sip:11022@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:05] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"11022" <sip:11022@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:05] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"11022" <sip:11022@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:06] == Parsing '/etc/asterisk/manager.conf': [Sep 25 08:46:06] Found
[Sep 25 08:46:06] == Manager 'sendcron' logged on from 127.0.0.1
[Sep 25 08:46:06] == Manager 'sendcron' logged off from 127.0.0.1
[Sep 25 08:46:08] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9010" <sip:9010@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:10] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"71018" <sip:71018@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:21] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"20506" <sip:20506@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:27] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"21506" <sip:21506@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:27] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"31014" <sip:31014@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:32] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"90500" <sip:90500@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found
[Sep 25 08:46:40] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"70018" <sip:70018@112.210.18.43:5060>' failed for '188.138.94.198' - No matching peer found

This isn't my remote server, but I'm wondering how I can create a deny for it to just shut it down completely.

Re: Stop softphone brute force attack

Post by DomeDan » Wed Sep 25, 2013 8:11 am

Depending on your network setup: if you have a separate firewall, then I suggest doing a whitelist.

If the server is connected directly to the internet, then you should set up the iptables firewall to block the port or use a whitelist.

You might want to look at DGG http://www.viciwiki.com/index.php/DGG. It's made to work with stock Vicidial installations; it will block all ports and only open them when an agent logs in using a secret link.
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
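
The two options suggested in the reply above (block the offending source, or whitelist known sources), applied to log lines in the format posted in the question. This is an added example, not part of the thread: the sample log lines are constructed with documentation-range addresses, and `THRESHOLD`, `WHITELIST` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: count failed chan_sip registrations per
# source and print (never run) iptables rules. Log lines are constructed, using
# documentation-range addresses; THRESHOLD, WHITELIST and names are assumptions.
THRESHOLD=3                # failures from one source before it is blocked
WHITELIST="198.51.100.20"  # space-separated agent/office addresses, never blocked

sample_log() {
cat <<'EOF'
[Sep 25 08:46:02] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9201" <sip:9201@192.0.2.10:5060>' failed for '203.0.113.77' - No matching peer found
[Sep 25 08:46:03] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"861" <sip:861@192.0.2.10:5060>' failed for '203.0.113.77' - No matching peer found
[Sep 25 08:46:05] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"11022" <sip:11022@192.0.2.10:5060>' failed for '203.0.113.77' - No matching peer found
[Sep 25 08:46:08] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"9010" <sip:9010@192.0.2.10:5060>' failed for '203.0.113.77:5071' - No matching peer found
[Sep 25 08:46:06] == Manager 'sendcron' logged on from 127.0.0.1
[Sep 25 08:47:10] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"101" <sip:101@192.0.2.10:5060>' failed for '198.51.100.20' - Wrong password
[Sep 25 08:47:40] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"101" <sip:101@192.0.2.10:5060>' failed for '198.51.100.20' - Wrong password
[Sep 25 08:48:10] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"101" <sip:101@192.0.2.10:5060>' failed for '198.51.100.20' - Wrong password
[Sep 25 08:49:00] NOTICE[2205]: chan_sip.c:17084 handle_request_register: Registration from '"102" <sip:102@192.0.2.10:5060>' failed for '198.51.100.9' - Wrong password
EOF
}

# stdin: log text; stdout: "<count> <ip>" per source, busiest first.
# The quoted From value is chosen by the sender, so the address is taken only
# from the final "failed for '<ip>' - <reason>" at the end of the line.
failed_sources() {
    sed -n "s/.*handle_request_register: Registration from .* failed for '\([0-9.]*\)\(:[0-9]*\)\{0,1\}' - [^']*\$/\1/p" |
        sort | uniq -c | sort -rn
}

# stdin: log text; stdout: one DROP rule per source at or over THRESHOLD.
block_rules() {
    failed_sources | while read -r count ip; do
        [ "$count" -ge "$THRESHOLD" ] || continue
        case " $WHITELIST " in *" $ip "*) continue ;; esac
        echo "iptables -I INPUT -s $ip -p udp --dport 5060 -j DROP"
    done
}

# The whitelist alternative from the reply: accept known sources, drop other SIP.
whitelist_rules() {
    for ip in $WHITELIST; do
        echo "iptables -A INPUT -s $ip -p udp --dport 5060 -j ACCEPT"
    done
    echo "iptables -A INPUT -p udp --dport 5060 -j DROP"
}

sample_log | block_rules
whitelist_rules
```

The per-source block only stops the address seen in the log, while the whitelist rules keep working when the scanning moves to a new address.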

Re: Stop softphone brute force attack

Post by MattWilkie » Wed Sep 25, 2013 8:43 am

Thanks for this, will let you know if it sorts it. I noticed money disappearing yesterday, which is why it's flagged today. Having a nightmare of a time, as someone's also attacked one of my other servers for spam.