Hello Dear,
I have just installed vicibox v9.0.1, installed webrtc and started dialing today.
Version: 2.14b0.5
SVN Version: 3224
DB Schema Version: 1592
DB Schema Update Date: 2020-04-16 01:46:25
We are getting a lot of sip attacks afetr every setting firewall is active is there a way to prevent these attacks?
Can we use fail2ban with Vicibox v9.0.1?
Please update if there is any solution to avoid sip attacks?
Thanks.
TOO MANY SIP ATTACKS ON ASTERISK
Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N
5 posts
• Page 1 of 1
TOO MANY SIP ATTACKS ON ASTERISK
by rameez.amjad4 » Thu Apr 16, 2020 5:20 pm
- rameez.amjad4
- Posts: 91
- Joined: Wed Oct 03, 2018 1:23 pm
Re: TOO MANY SIP ATTACKS ON ASTERISK
by williamconley » Thu Apr 16, 2020 5:50 pm
whitelist only access. No other method is safe.
Turn off access to the server. Whitelist authorized IPs only. Get a list of all authorized IPs (users, managers, satellite offices, carriers) and add them as authorized IPs. Then change your default access to DROP. Then reboot.
We have a product called Dynamic Good Guys which makes it easy to add authorized IPs, but more importantly it contains instructions for the "whitelist lockdown" which precedes installation. Then you can decide if you need an easy-to-add whitelisting method or not. It's for versions up to Vicibox 8, but should be close enough to 9 that you can follow the instruction well enough for a whitelist.
Of course, if there's a whitelist instruction set somewhere in the Manager's Manual ... go with that!
Turn off access to the server. Whitelist authorized IPs only. Get a list of all authorized IPs (users, managers, satellite offices, carriers) and add them as authorized IPs. Then change your default access to DROP. Then reboot.
We have a product called Dynamic Good Guys which makes it easy to add authorized IPs, but more importantly it contains instructions for the "whitelist lockdown" which precedes installation. Then you can decide if you need an easy-to-add whitelisting method or not. It's for versions up to Vicibox 8, but should be close enough to 9 that you can follow the instruction well enough for a whitelist.
Of course, if there's a whitelist instruction set somewhere in the Manager's Manual ... go with that!
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
- williamconley
- Posts: 20019
- Joined: Wed Oct 31, 2007 4:17 pm
- Location: Davenport, FL (By Disney!)
Re: TOO MANY SIP ATTACKS ON ASTERISK
by bbakirtas » Sat Apr 18, 2020 11:50 am
try webmin
Vicibox 9.0.1
VERSION: 2.14-738a
BUILD: 200210-1628
Intel Xeon X5650 12 Core HT 24 Core 2.90 Ghz
64 GB ECC Registered Memory
VERSION: 2.14-738a
BUILD: 200210-1628
Intel Xeon X5650 12 Core HT 24 Core 2.90 Ghz
64 GB ECC Registered Memory
- bbakirtas
- Posts: 92
- Joined: Thu Dec 06, 2012 3:35 am
- Location: Turkey
Re: TOO MANY SIP ATTACKS ON ASTERISK
by rameez.amjad4 » Thu Apr 23, 2020 2:24 pm
If i install fial2ban on this vicibox 9.0.1, would it work on this version of vicibox?
Please update, Thanks.
Please update, Thanks.
- rameez.amjad4
- Posts: 91
- Joined: Wed Oct 03, 2018 1:23 pm
Re: TOO MANY SIP ATTACKS ON ASTERISK
by williamconley » Thu Apr 23, 2020 2:31 pm
those two applications are unrelated to one another. like asking if ntp will work with mysql. fail2ban works, but it can be problematic with a SIP-based system to not "lock out" an entire call center when one user's phone account is deleted. so be careful when you configure it.
It also does not stop DDOS or brute force attacks, it merely requires a rotating IP attacker. These attackers are more sophisticated than the everyday attackers, and arguably more dangerous. But any attacker is a bad thing.
We ONLY use whitelist systems. We have an add-on to allow easy creation of a new whitelisted IP. But "allow everyone" is never an option. And our security hasn't been breached in a decade as a direct result.
It also does not stop DDOS or brute force attacks, it merely requires a rotating IP attacker. These attackers are more sophisticated than the everyday attackers, and arguably more dangerous. But any attacker is a bad thing.
We ONLY use whitelist systems. We have an add-on to allow easy creation of a new whitelisted IP. But "allow everyone" is never an option. And our security hasn't been breached in a decade as a direct result.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
- williamconley
- Posts: 20019
- Joined: Wed Oct 31, 2007 4:17 pm
- Location: Davenport, FL (By Disney!)
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot], Google [Bot] and 91 guests