{Help} - How to block wrongpassword clients?

kartook · October 27, 2010, 2:38pm

HI

Advance thanks for the help .

1 . How to block the wrong password attempted source IP Addresses ?
2 . My extension starts from [color=#408000]10001 to 10100[/color] .I need to block all other numbers color=#FF0000[/color] to reach my server .

I am using ubuntu linux is the base of my asterisk …

Thanks
K~

david55 · October 27, 2010, 3:08pm

There is insufficient information, however, I suspect you are talking about allowguest in sip.conf.

Of course, you may not even be using SIP.

kartook · October 27, 2010, 4:56pm

Thanks for the reply

i am using sip only .

yes , i need allow only selected guests to make calls .Already we configured only registered extension make calls .

can i ask like this

How to allow only selected country IPAddress to reach my server .

Need to allow : USA,INDIA

all other countries i need to block on my asterisk …

david55 · October 27, 2010, 5:17pm

With your firewall.

Note that, at best, IP addresses will generally reflect the country of the ISP, not the the true country of origin, and you will have a continuing job of monitoring IP address allocations, although that might be a service you could buy.

I am not sure that the Linux firewall could cope well with the number of rules required to do this.

cerien.jean · October 27, 2010, 7:28pm

you probably want to use fail2ban or ossec

comdif · October 27, 2010, 8:29pm

I have posted some time ago a howto on a French forum
dialnode.com/asterisk-france … hp?p=51548
Be sure all sip scan are auto blacklisted but take care your side to make good conf in your gw or ip phones
because you will be blacklisted and not able to connect server

kartook · October 30, 2010, 8:38am

cool guys

teamforrest.com/blog/171/ast … und-block/

Here is solution i found .Testing is going on .

Thanks all

cerien.jean · October 30, 2010, 3:13pm

This script tries to reinvent the wheel… fail2ban does the same, but more effectively - it monitors the log through gamin, much more resource effective, and much quicker, and detects more cases. Specifically, going through cron evry 2 minutes (or even one) is a big security hole - With a 2 mbs link, you can receive ca ONE THOUSAND requests in ONE SECOND.

And finally, fail2ban can be used to block other attacks on your server (ssh, apache, etc…)

No chances you make me use such a dangerous piece of code

kartook · November 14, 2010, 1:53pm

implemented fail2ban

Thanks mate