[kwlug-disc] Blocking SIP registrations
Herman Gruetzmacher
hgruetzmacher at gmail.com
Tue Jan 13 20:29:10 EST 2015
I like voip.ms and use them too along with Unlimitel. But I am using 8 sip
phones as extensions off of my FreePBX including remote extensions (outside
of my home). The ip address of the remote extension changes as the ip
address is dynamic so I need to open up my firewall to allow remote sip
registration. fail2ban will block external ip addresses after 3 unsuccessful
attempts but there are many more registration attempts which appear to be
coming directly from my own wan, ie my external Rogers IP address. I was
thinking of using non standard sip udp ports as a starting point and port
forwarding them, is that enough? I saw this SecAst product but it appears
quite involved to set-up and was wondering if anyone else has used it.
Thanks
Herman
-----Original Message-----
From: William Park
Sent: Tuesday, January 13, 2015 7:01 PM
To: kwlug-disc at kwlug.org
Subject: Re: [kwlug-disc] Blocking SIP registrations
Off topic question...
Why do you need to be your own telephone company? Can't you get away
with using voip.ms or others? I've attended a voip.ms demo, and it
seems like you're running your own telophone company through voip.ms,
because they allow you to resell.
--
William
On Tue, Jan 13, 2015 at 05:08:50PM -0500, Paul Nijjar wrote:
> So Herman (who is currently off kwlug-disc but might rejoin) is
> wondering how to keep people from hammering his Asterisk server with
> attempted SIP registrations. He tried fail2ban but found it was not
> working for him. He asked me about a product called SecAst
> (http://www.generationd.com/?target=secast) but being an Asterisk
> newbie I had never heard of it.
>
> Questions for Asterisk people:
>
> 0. How do you secure your server against attempts to brute force SIP
> connections?
>
> 1. Have you heard of this product? Do you have opinions?
>
> 2. Are there other tools Herman should try? Ways to tune fail2ban so
> that it works?
>
> - Paul
>
>
> --
> http://pnijjar.freeshell.org
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
_______________________________________________
kwlug-disc mailing list
kwlug-disc at kwlug.org
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
More information about the kwlug-disc
mailing list