TOO MANY SIP ATTACKS ON ASTERISK
Posted: Thu Apr 16, 2020 5:20 pm by rameez.amjad4
Hello Dear,
I have just installed vicibox v9.0.1, installed webrtc and started dialing today.
Version: 2.14b0.5
SVN Version: 3224
DB Schema Version: 1592
DB Schema Update Date: 2020-04-16 01:46:25
We are getting a lot of SIP attacks after every setting. Firewall is active. Is there a way to prevent these attacks?
Can we use fail2ban with Vicibox v9.0.1?
Please update if there is any solution to avoid sip attacks?
Thanks.
Re: TOO MANY SIP ATTACKS ON ASTERISK
Posted: Thu Apr 16, 2020 5:50 pm by williamconley
Whitelist-only access. No other method is safe.
Turn off access to the server. Whitelist authorized IPs only. Get a list of all authorized IPs (users, managers, satellite offices, carriers) and add them as authorized IPs. Then change your default access to DROP. Then reboot.
We have a product called Dynamic Good Guys which makes it easy to add authorized IPs, but more importantly it contains instructions for the "whitelist lockdown" which precedes installation. Then you can decide if you need an easy-to-add whitelisting method or not. It's for versions up to Vicibox 8, but should be close enough to 9 that you can follow the instruction well enough for a whitelist.
Of course, if there's a whitelist instruction set somewhere in the Manager's Manual ... go with that!
Re: TOO MANY SIP ATTACKS ON ASTERISK
Posted: Sat Apr 18, 2020 11:50 am by bbakirtas
Try Webmin.
Re: TOO MANY SIP ATTACKS ON ASTERISK
Posted: Thu Apr 23, 2020 2:24 pm by rameez.amjad4
If I install fail2ban on this vicibox 9.0.1, would it work on this version of vicibox?
Please update, Thanks.
Re: TOO MANY SIP ATTACKS ON ASTERISK
Posted: Thu Apr 23, 2020 2:31 pm by williamconley
Those two applications are unrelated to one another. Like asking if ntp will work with mysql. fail2ban works, but it can be problematic with a SIP-based system to not "lock out" an entire call center when one user's phone account is deleted. So be careful when you configure it.
It also does not stop DDOS or brute force attacks, it merely requires a rotating IP attacker. These attackers are more sophisticated than the everyday attackers, and arguably more dangerous. But any attacker is a bad thing.
We ONLY use whitelist systems. We have an add-on to allow easy creation of a new whitelisted IP. But "allow everyone" is never an option. And our security hasn't been breached in a decade as a direct result.
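The whitelist-then-default-DROP lockdown described in the replies above, sketched as an added example that is not from any poster or from ViciBox: a shell function that turns a list of authorized IPs into an `iptables-restore` ruleset. It assumes plain iptables and IPv4 only; the function names, the file format and the addresses (RFC 5737 documentation ranges) are constructed for illustration.

```shell
# Added example: build a default-DROP ruleset from a whitelist file.
# Assumptions: plain iptables, IPv4, one address or CIDR per line, '#' comments.

valid_entry() {
  # Accept a.b.c.d or a.b.c.d/len with len 1-32; a /0 would allow everyone.
  ip=${1%/*}; len=32
  case $1 in */*) len=${1#*/} ;; esac
  case $len in ''|*[!0-9]*) return 1 ;; esac
  [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
  case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
  return 0
}

build_whitelist_rules() {
  # $1 = whitelist file, $2 = address you administer from. It must be listed
  # as a host entry, otherwise loading the ruleset drops your own session.
  rules=""; seen_admin=0
  while IFS= read -r entry || [ -n "$entry" ]; do
    entry=${entry%%#*}                                  # strip comments
    entry=$(printf '%s' "$entry" | tr -d '[:space:]')   # strip whitespace
    [ -n "$entry" ] || continue
    valid_entry "$entry" || { echo "invalid entry: $entry" >&2; return 1; }
    [ "${entry%/32}" = "$2" ] && seen_admin=1
    rules="${rules}-A INPUT -s $entry -j ACCEPT
"
  done < "$1"
  [ "$seen_admin" -eq 1 ] || { echo "admin IP $2 not whitelisted" >&2; return 1; }
  # Default policy DROP; only loopback, replies to our own traffic and the
  # whitelisted sources get in.
  printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
    ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  printf '%s' "$rules"
  echo COMMIT
}

# Demo with constructed entries: users, managers, offices and carriers go here.
sample=$(mktemp)
printf '%s\n' '203.0.113.10    # admin workstation' \
              '198.51.100.0/24 # carrier range' > "$sample"
build_whitelist_rules "$sample" 203.0.113.10
rm -f "$sample"
```

The output is meant to be checked with `iptables-restore --test` and then piped into `iptables-restore`, which replaces the existing filter table rather than appending to it.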