Hi team,
I have just installed fail2ban and configured the following iptables rules:
iptables -N SIP_ALLOW
iptables -A SIP_ALLOW -p udp --dport 5060 -m state --state NEW -m recent --set --name SIP
iptables -A SIP_ALLOW -p tcp --dport 5060 -m state --state NEW -m recent --set --name SIP
iptables -A SIP_ALLOW -m recent --update --seconds 15 --hitcount 10 --name SIP -j LOG
iptables -A SIP_ALLOW -m recent --update --seconds 15 --hitcount 10 --name SIP -j DROP
iptables -A SIP_ALLOW -s 192.168.1.0/24 -j ACCEPT
iptables -A SIP_ALLOW --src 204.9.161.164 -j ACCEPT
iptables -A SIP_ALLOW --src 63.209.144.201 -j ACCEPT
iptables -A SIP_ALLOW --src voiper.ipkall.com -j ACCEPT
iptables -A SIP_ALLOW -j LOG --log-ip-options
iptables -A SIP_ALLOW -j DROP
iptables -I INPUT -m tcp -p tcp --dport 5060 -j SIP_ALLOW
iptables -I INPUT -m udp -p udp --dport 5060 -j SIP_ALLOW
I saw some attacks today, as my server is exposed to the internet:
Jan 10 22:26:19 asterisk kernel: IN=eth0 OUT= MAC SRC=151.22.71.151 DST=110.10.0.200 LEN=434 TOS=0x00 PREC=0x20 TTL=44 ID=0 DF PROTO=UDP SPT=5063 DPT=5060 LEN=414
Jan 10 22:57:25 asterisk kernel: IN=eth0 OUT= MAC SRC=213.201.119.140 DST=110.10.0.200 LEN=434 TOS=0x00 PREC=0x20 TTL=43 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=414
Jan 10 23:38:45 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=16256 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:38:46 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=16509 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:38:47 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=17098 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:38:49 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=18202 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:38:53 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=20313 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:38:57 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=22329 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:39:01 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=24416 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:39:05 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=26326 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:39:09 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=28143 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:39:13 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=30007 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:39:17 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 LEN=485 TOS=0x00 PREC=0x20 TTL=117 ID=31967 PROTO=UDP SPT=14826 DPT=5060 LEN=465
I want to confirm whether anyone can post their firewall rules to mitigate DDOS attacks (so far the above rules were able to stop attacks), or whether someone knows any other recommendation for enhancing SIP security in iptables (I have researched some configuration for Asterisk online). Specifically, how to automatically block/add to iptables those IP addresses of attackers, or how to improve my iptables rules against SIP DDOS or other attacks.
Thanks
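As an added example (not from the poster), this replays the LOG lines quoted above through the same sliding window that `-m recent --update --seconds 15 --hitcount 10` implements, which shows that the 208.122.63.98 scan peaks at only 6 packets per 15 s and would never have reached the DROP rule; the sample log is constructed from the lines above, trimmed to the fields the parser needs, and the lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the kernel LOG lines from the post, trimmed to SRC/PROTO/DPT.
SAMPLE_LOG = """\
Jan 10 22:26:19 asterisk kernel: IN=eth0 OUT= MAC SRC=151.22.71.151 DST=110.10.0.200 PROTO=UDP SPT=5063 DPT=5060 LEN=414
Jan 10 22:57:25 asterisk kernel: IN=eth0 OUT= MAC SRC=213.201.119.140 DST=110.10.0.200 PROTO=UDP SPT=5060 DPT=5060 LEN=414
Jan 10 23:38:45 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:38:46 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:38:47 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:38:49 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:38:53 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:38:57 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:39:01 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:39:05 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:39:09 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:39:13 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
Jan 10 23:39:17 asterisk kernel: IN=eth0 OUT= MAC SRC=208.122.63.98 DST=110.10.0.200 PROTO=UDP SPT=14826 DPT=5060 LEN=465
"""

LINE_RE = re.compile(r"^(\w{3})\s+(\d+)\s+(\d\d:\d\d:\d\d) .*?\bSRC=(\S+) .*?\bPROTO=(\w+) .*?\bDPT=(\d+)")

def parse_log(text):
    """Yield (timestamp text, datetime, src, proto, dport) for each netfilter LOG line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a netfilter LOG line, skip it
        mon, day, clock, src, proto, dpt = m.groups()
        stamp = f"{mon} {int(day):02d} {clock}"
        yield stamp, datetime.strptime(stamp, "%b %d %H:%M:%S"), src, proto, int(dpt)

def sliding_hits(text, seconds=15, hitcount=10, port=5060):
    """Return ({src: peak hits inside any `seconds` window}, {src: first timestamp at
    which `hitcount` was reached}) for packets to `port`, as --seconds/--hitcount would."""
    window, peak, flagged = defaultdict(list), defaultdict(int), {}
    for stamp, t, src, _proto, dpt in parse_log(text):
        if dpt != port:
            continue
        w = window[src]
        w.append(t)
        # evict hits that fell out of the window, like xt_recent does with --seconds
        while (t - w[0]).total_seconds() > seconds:
            w.pop(0)
        peak[src] = max(peak[src], len(w))
        if len(w) >= hitcount and src not in flagged:
            flagged[src] = stamp
    return dict(peak), flagged
```

With `hitcount=5` the same replay flags 208.122.63.98 at 23:38:53, which is the kind of threshold check worth running against real logs before relying on the rule or on a fail2ban jail fed by these lines.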