Thanks @PitzKey, if I’m reading this correctly, FreePBX could have a field on the extension advanced tab to accept a ‘Domain’ such that only registration attempts to that domain would be successful. All other registration attempts would receive a 403 and there appears to already be a fail2ban regex to act on the corresponding registration failure log line. Other fields in Asterisk SIP settings could allow aliases to be defined.
I don’t see a practical way of adding the domain manually by editing conf files.
That’s correct. I’ve been thinking about contributing something to either, like you said, in the advanced tab enter a domain and FreePBX will regenerate the config with [email protected] Or a module which allows you to enter domains, group domains together (helpful if the extension passes a proxy sometimes) and then in the extension advanced tab select a domain or domain group from a drop-down menu.
I am very interested in this. Have you implemented this in your FPBX system? If so, how are you doing it? I have seen other PBXs use this ( Like FreeSwitch) and they say that it dramatically cuts down on bots trying to hammer the server.
Asterisk will still respond with a 401 when this is implemented. This does not stop bots from discovering your server, Rather, it’s another layer of security and if you have fail2ban tuned properly it can be another way to lower the amount of requests that do not contain a domain in the REGISTER request.
No. As this requires modifying the script that actually writes out these conf files. I had no success yet in locating the scripts, so I haven’t done anything yet with this.