[arm-allstar] SIP Attack in logs
David McGough
kb4fxc at inttek.net
Thu Mar 26 17:39:30 EDT 2020
Hi Mike,
I guess you're using chan_sip for some type of connectivity (like
an autopatch?)? If you're not using it, I recommend disabling this
module (set "noload=chan_sip.so" in /etc/asterisk/modules.conf).
If you are using chan_sip, if it's for autopatch service, you can probably
add an iptables rule that only allows traffic to/from the SIP provider.
The stream of Internet attacks is constant these days. As with any
application server, your HamVoIP OR ASL system shouldn't really be exposed
directly to the Internet without some type of filtering.
73, David KB4FXC
On Thu, 26 Mar 2020, "Mike Sullivan via ARM-allstar" wrote:
> If you guys want a laugh during these troubling times.. I just checked my
> Allstar log.. early on the 24th (around 8am) an IP from Estonia seemed to
> try to connect to the SIP module, I assume some sort of brute force attack.
> Numerous "registration from x failed" messages and "call from x failed due
> to extension not found" messages. Not sure if I should be worried..
> probably not, because they couldn't do anything.
>
> Mike
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>
More information about the ARM-allstar
mailing list