[ale] SIP attack
Brian Pitts
brian at polibyte.com
Fri Oct 15 21:04:01 EDT 2010
On 10/14/2010 04:10 PM, Paul Cartwright wrote:
> On Thu October 14 2010, Chris Fowler wrote:
>> Our PBX was attacked and hacked. Lost about $72 in SIP charges. I've
>> implemented fail2ban and have changed our passwords. Looking at other
>> things to do as well.
>>
>> I know fail2ban works because there was an attempt today and fail2ban
>> did exactly what it should.
>
> # dpkg --list|grep fail
> ii fail2ban 0.8.4-2
> bans IPs that cause multiple authentication errors
>
> implemented fail2ban a while back.. just because I CAN :)
>
> seems to me I get an email every so often with updates on how many entries I
> have..
Did you set it up specifically to monitor the logs of your voip
software? Here is an example for asterisk.
http://blog.erben.sk/2010/04/18/blocking-sip-brute-force-attacks-with-fail2ban/
--
All the best,
Brian Pitts
More information about the Ale
mailing list