Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.


aw



254 posts

Ultimate Geek
+1 received by user: 2

Subscriber

Topic # 99056 12-Mar-2012 07:41 Send private message

*sigh*

I have an Asterisk box at my home office. I have it set up for remote extensions so I can use my smartphone as an extension when both home and away. All works fine.

I have long, random passwords and I have fail2ban protecting the server, which works well.

Despite that, I've noticed I'm still finding myself the target of intense attack attempts.

Fail2Ban sends an e-mail when it bans an IP, and I saw last night at 5:21pm it banned 208.115.231.210  after "120 attempts against Asterisk".

This morning I noticed via iptables that that same IP is still banned, and I see via Wireshark that despite getting no response, that same IP is still sending around 100 SIP registration attempts a second. That's data I'm paying for!

I seem to get hit with one of these persistent buggers about once a month, and the attack can go on for as long as 48 hours and consume multiple GBs of data.

Is this just one of the realities of having an externally accessible Asterisk box?

Create new topic
1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 593861 12-Mar-2012 08:12 Send private message

Pretty much :C

All you can do is work with your provider to see if they will null route the attempts. If you have a residential connection this will be much harder than a business connection with SLA.

20378 posts

Uber Geek
+1 received by user: 1924

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 593865 12-Mar-2012 08:18 Send private message

Unless you funny understand the risks associated with doing so no PBX should ever be internet facing. VPN access for remote extensions is always the most secure way of allowing remote access.

While your firewall has blocked that IP the bot still knows you have a PBX there and isn't smart enough to realise it's been blocked.


aw



254 posts

Ultimate Geek
+1 received by user: 2

Subscriber

  Reply # 594541 13-Mar-2012 13:08 Send private message

OK I'll investigate VPN options. Thanks for the advice.

Anyone else VPN their iPhone back to their home PABX?

1219 posts

Uber Geek
+1 received by user: 268


  Reply # 594545 13-Mar-2012 13:15 Send private message

aw: *sigh*

I have an Asterisk box at my home office. I have it set up for remote extensions so I can use my smartphone as an extension when both home and away. All works fine.

I have long, random passwords and I have fail2ban protecting the server, which works well.

Despite that, I've noticed I'm still finding myself the target of intense attack attempts.

Fail2Ban sends an e-mail when it bans an IP, and I saw last night at 5:21pm it banned 208.115.231.210  after "120 attempts against Asterisk".

This morning I noticed via iptables that that same IP is still banned, and I see via Wireshark that despite getting no response, that same IP is still sending around 100 SIP registration attempts a second. That's data I'm paying for!

I seem to get hit with one of these persistent buggers about once a month, and the attack can go on for as long as 48 hours and consume multiple GBs of data.

Is this just one of the realities of having an externally accessible Asterisk box?


that IP seems to come from http://www.limestonenetworks.com mite be worth putting in an abuse report





3054 posts

Uber Geek
+1 received by user: 225

Trusted
Subscriber

  Reply # 594549 13-Mar-2012 13:22 Send private message

1080p: Pretty much :C

All you can do is work with your provider to see if they will null route the attempts. If you have a residential connection this will be much harder than a business connection with SLA.


Haha not if they are Orcon, flat out refused to null route one of our internal IPs are DDoS to it were taking out our entire rack. Took them 3 months of us begging to finally look at a fix which was a 1gbps port upgrade which solved the issues overnight. 





69 posts

Master Geek


  Reply # 597585 20-Mar-2012 11:30 Send private message

vpn the best way for remote phones. Iphone + vpn options here - http://www.linuxpinguin.de/2009/06/secure-encrypted-phone-calls-with-your-iphone/

Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Bad lower back.
Created by TimA, last reply by cep32 on 29-Jan-2015 07:57 (72 replies)
Pages... 3 4 5


I have had enough of Vodafone Customer Service... which ISP is for me?
Created by andrewinwlg, last reply by michaelmurfy on 28-Jan-2015 20:10 (23 replies)
Pages... 2


Am I going down? App for the fearful of flying.
Created by networkn, last reply by SaltyNZ on 29-Jan-2015 08:15 (44 replies)
Pages... 2 3


Police Speed Campaign - Summer 2014/2015
Created by nzkiwiman, last reply by KiwiNZ on 29-Jan-2015 11:12 (139 replies)
Pages... 8 9 10


AdBlockers on Geekzone
Created by freitasm, last reply by wally22 on 29-Jan-2015 09:55 (69 replies)
Pages... 3 4 5


Spark customers get Lightbox free for 12 months
Created by freitasm, last reply by ARK on 27-Jan-2015 16:35 (137 replies)
Pages... 8 9 10


How (not) to run a hotel
Created by MikeAqua, last reply by BTR on 26-Jan-2015 16:06 (68 replies)
Pages... 3 4 5


Windows 10 News - 22 Jan
Created by Regs, last reply by joker97 on 29-Jan-2015 07:10 (131 replies)
Pages... 7 8 9



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.