new hacker found

ckleea

85.195.93.234 a germany address tried to dial to Central America.

ckleea

Fail2ban fails to work. My router needs a reboot for this to work

ckleea

Another one today
108.59.5.148

ckleea

I found a new one today

41.232.228.135

Africa IP range but not sure the country

ckleea

I am wondering whether we should start switching to all non standard ports for SIP, IAX and RTP. This may help minimizing the risk of hacker port scanning and attempting to login

角色

回復 11# bubblestar

I believe we have to read the source code to determine the configuration in detail.

YH

bubblestar

I deploy my firewall mainly in router.  

BTW, what is the configuration format to deny multiple IP address in the layer of sip.conf of Asterisk ?  Use comma (,) semi-colon (;) or space between IP addresses ?

角色

Agree absolutely.

YH

ckleea

回復 8# 角色

I do it in the router firewall level which is more effectively. If you use it with asterisk or linux server, hacker already in your network.

角色

I forgot the way to include a file which contains the blacklisted IP addresses. If you know, please let me know the method.

YH

ckleea

回復 6# 角色


    yes, I already make use of these.

角色

In the sample of sip.conf, it shows

1. ;       Especially note the following settings:
   
2. ;               - allowguest (default enabled)
   
3. ;               - permit/deny - IP address filters
   
4. ;               - contactpermit/contactdeny - IP address filters for registrations
   
5. ;               - context - Which set of services you offer various users
   
6. ;

複製代碼

Therefore we can use allowguest, permit/deny, contactpermit/contactdeny to prevent hacker if we know their ip.

YH

ckleea

I have no idea how it login and dial out. Every bit needs different set of password.

Anyone it tries and does not result in serious injury.

ckleea

I found this IP logon and do unusal dialling

ckleea

Use fail2ban