We’ve been getting a lot of fail2ban notifications lately, a lot of them originating from China and Palestine to name but two. All of our PBXs are sat behind DSL routers using SIP, and the only ports open on the router are UDP 5060, as required by our SIP provider, and UDP 10000-20000 for RTP.
Is there another way besides fail2ban to mitigate these attacks? What is everyone else’s experience?
I got hammered with lots of simultaneous calls/hacks and ended up whitelisting all my ports, i.e. only allowing access to specified IP addresses.
To do this I had to change some of the ways we set things up and it was a fair bit of effort, but it was worth it once we finally got there.
pbxiaf *11 fpbx 2.11
Only use sip registrations on 5060 when there is absolutely no alternative. Use iptables to block all connections on 5060 apart from those “exceptional” hosts/networks.
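
The allowlist approach described in the replies above, as an added example that is not code from any poster in this thread: it prints, without applying, iptables rules that accept UDP 5060 only from listed sources and drop the rest. The chain name `SIP-ALLOW`, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that accept UDP 5060
# only from listed sources. Chain name and addresses are assumptions.
SIP_CHAIN="SIP-ALLOW"   # hypothetical chain name

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_source() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                 # split into octets; digits and dots only here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the given sources. Nothing is emitted if any entry is
# malformed or the list is empty, so a typo cannot yield a half-built allowlist.
sip_allowlist_rules() {
    [ $# -gt 0 ] || { echo "refusing to emit an empty allowlist" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Dedicated chain: create it, or flush it if it already exists (re-runnable).
    echo "iptables -N $SIP_CHAIN 2>/dev/null || iptables -F $SIP_CHAIN"
    for src in "$@"; do
        echo "iptables -A $SIP_CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $SIP_CHAIN -j DROP"     # everything else on 5060 is dropped
    # Hook the chain into INPUT once, ahead of any broader ACCEPT rules.
    echo "iptables -C INPUT -p udp --dport 5060 -j $SIP_CHAIN 2>/dev/null ||" \
         "iptables -I INPUT -p udp --dport 5060 -j $SIP_CHAIN"
}

# Constructed sample: 192.0.2.10 and 198.51.100.0/24 are documentation ranges
# standing in for a SIP provider host and a remote office network.
sip_allowlist_rules 192.0.2.10 198.51.100.0/24
```

The output is plain text to review before running it as root on the PBX; the RTP range (UDP 10000-20000) is not touched by these rules.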