Improving intrusion blocking

General Help
1

Our server is sitting on a private 10.0.0.x network behind a RV042 Cisco router using a Billion modem in bridge mode.

There are NO inbound ports directed at this system. uPNP is off, and there is nothing in the forwarding table.

grep “Registered SIP” /var/log/asterisk/full* shows only Registered SIP’s from within the 10.0.0.x network

However, someone in palestine remains convinced they should be using our phones…

I’m looking for advice / guidance that will help us to prevent what we are seeing here:

[2013-10-22 12:20:49] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“8402” sip:[email protected]:5060’ failed for ‘82.205.12.196:24611’ - No matching peer found
[2013-10-22 12:20:49] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“8402” sip:[email protected]:5060’ failed for ‘82.205.12.196:24611’ - No matching peer found
[2013-10-22 12:20:49] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“8402” sip:[email protected]:5060’ failed for ‘82.205.12.196:24611’ - No matching peer found
[2013-10-22 12:21:08] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“11926” sip:[email protected]:5060’ failed for ‘82.205.12.196:24499’ - No matching peer found
[2013-10-22 12:21:08] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“11926” sip:[email protected]:5060’ failed for ‘82.205.12.196:24499’ - No matching peer found
[2013-10-22 12:21:08] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“11926” sip:[email protected]:5060’ failed for ‘82.205.12.196:24499’ - No matching peer found
[2013-10-22 12:21:08] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“11926” sip:[email protected]:5060’ failed for ‘82.205.12.196:24499’ - No matching peer found
[2013-10-22 12:21:19] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“15450” sip:[email protected]:5060’ failed for ‘82.205.12.196:24490’ - No matching peer found
[2013-10-22 12:21:19] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“15450” sip:[email protected]:5060’ failed for ‘82.205.12.196:24490’ - No matching peer found
[2013-10-22 12:21:20] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“15450” sip:[email protected]:5060’ failed for ‘82.205.12.196:24490’ - No matching peer found
[2013-10-22 12:21:20] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“15450” sip:[email protected]:5060’ failed for ‘82.205.12.196:24490’ - No matching peer found
[2013-10-22 12:21:35] NOTICE[3207]: chan_sip.c:24019 handle_request_invite: Sending fake auth rejection for device 3010sip:[email protected];tag=70e07f29
[2013-10-22 12:21:35] NOTICE[3207]: chan_sip.c:24019 handle_request_invite: Sending fake auth rejection for device 3010sip:[email protected];tag=70e07f29
[2013-10-22 12:21:35] NOTICE[3207]: chan_sip.c:24019 handle_request_invite: Sending fake auth rejection for device 3010sip:[email protected];tag=70e07f29
[2013-10-22 12:21:35] NOTICE[3207]: chan_sip.c:24019 handle_request_invite: Sending fake auth rejection for device 3010sip:[email protected];tag=70e07f29
[2013-10-22 12:22:14] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“2001” sip:[email protected]:5060’ failed for ‘82.205.12.196:24490’ - No matching peer found
[2013-10-22 12:22:14] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“2001” sip:[email protected]:5060’ failed for ‘82.205.12.196:24490’ - No matching peer found
[2013-10-22 12:22:15] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“2001” sip:[email protected]:5060’ failed for ‘82.205.12.196:24490’ - No matching peer found
[2013-10-22 12:22:15] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“2001” sip:[email protected]:5060’ failed for ‘82.205.12.196:24490’ - No matching peer found
[2013-10-22 12:22:30] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“1355” sip:[email protected]:5060’ failed for ‘82.205.12.196:23655’ - No matching peer found
[2013-10-22 12:22:30] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“1355” sip:[email protected]:5060’ failed for ‘82.205.12.196:23655’ - No matching peer found
[2013-10-22 12:22:31] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“1355” sip:[email protected]:5060’ failed for ‘82.205.12.196:23655’ - No matching peer found
[2013-10-22 12:22:31] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“1355” sip:[email protected]:5060’ failed for ‘82.205.12.196:23655’ - No matching peer found
[2013-10-22 12:22:46] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“4879” sip:[email protected]:5060’ failed for ‘82.205.12.196:24499’ - No matching peer found
[2013-10-22 12:22:46] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“4879” sip:[email protected]:5060’ failed for ‘82.205.12.196:24499’ - No matching peer found
[2013-10-22 12:22:47] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“4879” sip:[email protected]:5060’ failed for ‘82.205.12.196:24499’ - No matching peer found
[2013-10-22 12:22:47] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“4879” sip:[email protected]:5060’ failed for ‘82.205.12.196:24499’ - No matching peer found
[2013-10-22 12:23:07] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“8403” sip:[email protected]:5060’ failed for ‘82.205.12.196:5060’ - No matching peer found
[2013-10-22 12:23:07] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“8403” sip:[email protected]:5060’ failed for ‘82.205.12.196:5060’ - No matching peer found
[2013-10-22 12:23:08] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“8403” sip:[email protected]:5060’ failed for ‘82.205.12.196:5060’ - No matching peer found
[2013-10-22 12:23:08] NOTICE[3207]: chan_sip.c:26621 handle_request_register: Registration from ‘“8403” sip:[email protected]:5060’ failed for ‘82.205.12.196:5060’ - No matching peer found

Thanks in advance for any thoughts you are able to offer.

Cheers Scullers

2

Fail2ban and asterisk 11 following this recipe:-

http://sourceforge.net/p/raspbx/discussion/tutorials/thread/6288a838/

will catch those attacks.