I have an Asterisk box at my home office. I have it set up for remote extensions so I can use my smartphone as an extension when both home and away. All works fine.
I have long, random passwords and I have fail2ban protecting the server, which works well.
Despite that, I've noticed I'm still finding myself the target of intense attack attempts.
Fail2Ban sends an e-mail when it bans an IP, and I saw last night at 5:21pm it banned 208.115.231.210 after "120 attempts against Asterisk".
This morning I noticed via iptables that that same IP is still banned, and I see via Wireshark that despite getting no response, that same IP is still sending around 100 SIP registration attempts a second. That's data I'm paying for!
I seem to get hit with one of these persistent buggers about once a month, and the attack can go on for as long as 48 hours and consume multiple GBs of data.
Is this just one of the realities of having an externally accessible Asterisk box?
Trusted
Biddle Corp
