4 Nov
2010
4 Nov
'10
10:02 p.m.
On 01/11/10 08:33, Conrad Wood wrote:
Hi all,
I am hosting a public asterisk box as backup support for some clients.
Most annoyingly since a few days I get hundreds of sip register probes
per minute.
I have fail2ban active which bans the ip, but it seems to be some sort
of bot network which immediately switches to another IP.
Needless to say, it is a pain.
As clients' phones register against the server (coming from dynamic ips)
I can't easily move to a different port or so ;(
Has anyone got any good suggestions?
Are you using something like this?
http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
I've just moved out of VoIP but I'd suggest banning any IP that fails
registrations after say 10 attempts. Ban them for at least a day.
Last time I had to do this, I just debianised the script on the above
link and started using it. It worked pretty well.
Generally, I didn't think there were any other ways of screening - you
could perhaps try blocking registrations from non-UK IPs with iptables -
that might help you?