How do you stop any external SIP’s from accessing my PBX. I have been getting a bunch of failed attempts email from my system. I am concerned someone may eventually break in and try and make calls.
I only use my phones internal to my network and if I use one SIP external for an extension I would only allow it through that extension. Is there just a flat way to deny all these attempts and still be able to run my system?
Please let me know what steps I can take.
This is not a definitive list and I am not a expert but the following were the most recommended I have found previously.
- Change default Asterisk manager password.
- For all passwords use a password generator for random strong passwords. Mine are no less than 25 characters, no dictionary words, upper and lower case mix. This goes for endpoints as well.
- Use alternate ports for SSH and HTTP. See the Wiki I believe some good info is there on this process.
- Read up on Blacklisting and Fail2ban. I blacklist all caller I’d ranges that I see hit from unknowns, like 1000 or 100 etc. If I know I skill not be getting calls from a particular range.
- System admin>Intrusion Detection. Set your attempts low if you are the only person accessing. Blacklist known problem IPs if for some odd reason fail2ban doesn’t grab of, which is rare.
There are many more people on here more knowledgeable than me but this is a good place to start. Hope it helps.
We are having issues where someone is attempting to make a sip connection using extension like 100, 1000, 202… How do you blacklist extensions?