new hacker found

ckleea

85.195.93.234 a germany address tried to dial to Central America.

角色

How do we block hacker with the linux box?

YH

ckleea

Use fail2ban

ckleea

I found this IP logon and do unusal dialling

ckleea

I have no idea how it login and dial out. Every bit needs different set of password.

Anyone it tries and does not result in serious injury.

角色

In the sample of sip.conf, it shows

1. ;       Especially note the following settings:
   
2. ;               - allowguest (default enabled)
   
3. ;               - permit/deny - IP address filters
   
4. ;               - contactpermit/contactdeny - IP address filters for registrations
   
5. ;               - context - Which set of services you offer various users
   
6. ;

複製代碼

Therefore we can use allowguest, permit/deny, contactpermit/contactdeny to prevent hacker if we know their ip.

YH

ckleea

回復 6# 角色


    yes, I already make use of these.

角色

I forgot the way to include a file which contains the blacklisted IP addresses. If you know, please let me know the method.

YH

ckleea

回復 8# 角色

I do it in the router firewall level which is more effectively. If you use it with asterisk or linux server, hacker already in your network.

角色

Agree absolutely.

YH

bubblestar

I deploy my firewall mainly in router.  

BTW, what is the configuration format to deny multiple IP address in the layer of sip.conf of Asterisk ?  Use comma (,) semi-colon (;) or space between IP addresses ?

角色

回復 11# bubblestar

I believe we have to read the source code to determine the configuration in detail.

YH

ckleea

I am wondering whether we should start switching to all non standard ports for SIP, IAX and RTP. This may help minimizing the risk of hacker port scanning and attempting to login

ckleea

I found a new one today

41.232.228.135

Africa IP range but not sure the country

ckleea

Another one today
108.59.5.148