Hello, I am new to this. The system is mostly operational, but I get calls from this SIPVicious and scanners in the system and I feel like I need help with this. What to do? The firewall seemed to ban an address and then it was removed and the list changed. I need help on this as to what to do… as this cannot continue…
Why are the calls matching a valid number? People scanning generally want to call a premium rate number and extensions don’t normally look like such numbers.
Do you actually need to accept SIP traffic from everywhere? Otherwise use static rules to block most of it.
People report that using TLS, or even TCP, greatly reduces the number of attempts, although, unless you validate clients, that could change as attackers respond to countermeasures used against them.
Using a port number nowhere related to 5060 can also reduce attacks, although some scanners scan all 64K.
I’m new to this and cannot understand convoluted discussion at the moment…
How do I ban this user?
[email protected]
Cisco-IPPhone/7965
How do I ban this IP to start? And then I want to stop this attack. Is there someone that speaks English instead of convoluted code?
Sure, is your FreePBX in the cloud somewhere? Is your phone connecting to the PBX in the cloud?
this person 185.81.31.54 keeps harassing but I want to stop others as well…
I can give you a list of what I want to block…
[email protected]
Cisco-IPPhone/7965
[email protected]
Cisco-IPPhone/7965
Network: 185.81.30.0 - 185.81.31.255
Source Registry: RIPE NCC
Net Range: 185.81.30.0 - 185.81.31.255
CIDR: 185.81.30.0/23
Name: IPXO
Handle: 185.81.30.0 - 185.81.31.255
Parent: 185.81.28.0 - 185.81.31.255
Net Type: SUB-ALLOCATED PA
Origin AS: not provided
Registration: Sat, 25 Dec 2021 14:43:28 GMT (Sat Dec 25 2021 local time)
Last Changed: Tue, 26 Nov 2024 12:24:46 GMT (Tue Nov 26 2024 local time)
Self: https://rdap.db.ripe.net/ip/185.81.31.54
Yes, it is in the cloud with a VPS server and my phone connects to it… using MicroSIP or a softphone application and possibly actually Yealink and other Sangoma phones in the future…
Can we ban this IP address for one, but then I want to learn how to stop the future attacks with other IP addresses?
You need to secure your PBX with a firewall. You shouldn’t have Allow Guests enabled in the Asterisk SIP Settings either.
I have the firewall enabled? Is there a command to ban it? I did the addignore ip. I am trying to stop this IP
[email protected]
Cisco-IPPhone/7965
how do I access Asterisk Sip settings?
is there a way to ban this ip address? [email protected]
Cisco-IPPhone/7965
how do I access Asterisk Sip settings? How do I get to not allow guests?
You ban it in the firewall.
what’s the clicks or the command line instructions?
these guis are terrible because there’s no way for you to explain you just do it …
Did you read any of the documentation? That is a big help.
I thought that would be a simple task but until I can figure out how to do it is there a way to sort of “unplug the PBX”
yes I read the documentation what part of the documentation will answer my question?
I will turn it off from the vps panel for now until I can get some answers… .hopefully I have to go somewhere … thank you for your help and hopefully I can figure this out…
The part that covers the System Firewall. This is pretty basic stuff.
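An added illustration, not part of any post in this thread and not FreePBX's own code: a short script that counts failed SIP requests per source in an Asterisk log, rolls hosts up into a listed range such as the 185.81.30.0/23 quoted above, and never proposes a trusted address for blocking. The log lines are constructed in the style of Asterisk's "failed for" notices; the trusted address 192.0.2.44, the threshold, and the names `TRUSTED` and `LISTED` are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (chan_sip and res_pjsip style), not taken from the thread.
SAMPLE_LOG = """\
[2024-11-26 12:00:01] NOTICE[2101] chan_sip.c: Registration from '<sip:100@203.0.113.10>' failed for '185.81.31.54:5060' - Wrong password
[2024-11-26 12:00:02] NOTICE[2101] chan_sip.c: Registration from '<sip:101@203.0.113.10>' failed for '185.81.31.54:5071' - No matching peer found
[2024-11-26 12:00:03] NOTICE[2101] chan_sip.c: Registration from '<sip:102@203.0.113.10>' failed for '185.81.30.17:5060' - Wrong password
[2024-11-26 12:00:09] NOTICE[2101] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '<sip:200@203.0.113.10>' failed for '198.51.100.7:40112' (callid: abc) - No matching endpoint found
[2024-11-26 12:01:00] NOTICE[2101] chan_sip.c: Registration from '<sip:300@203.0.113.10>' failed for '192.0.2.44:5060' - Wrong password
[2024-11-26 12:01:05] NOTICE[2101] chan_sip.c: Registration from '<sip:300@203.0.113.10>' failed for '192.0.2.44:5060' - Wrong password
"""

# Assumption: 192.0.2.44 stands in for your own phone or office address.
TRUSTED = [ipaddress.ip_network("192.0.2.44/32")]
# Range from the whois record quoted in the thread.
LISTED = [ipaddress.ip_network("185.81.30.0/23")]

FAILED_FOR = re.compile(r"failed for '(\d{1,3}(?:\.\d{1,3}){3}):\d+'")


def failed_sources(log_text):
    """Count failed SIP requests per source IP address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED_FOR.search(line)
        if m:
            hits[ipaddress.ip_address(m.group(1))] += 1
    return hits


def block_candidates(hits, trusted, listed, threshold=2):
    """Return networks to block; trusted addresses are never included."""
    totals = Counter()
    for ip, count in hits.items():
        if any(ip in net for net in trusted):
            continue  # a mistyped password on your own phone is not an attack
        # Roll the host up into a listed range, else treat it as a single /32.
        net = next((n for n in listed if ip in n),
                   ipaddress.ip_network(f"{ip}/32"))
        totals[net] += count
    return [str(n) for n in sorted(totals) if totals[n] >= threshold]


if __name__ == "__main__":
    for net in block_candidates(failed_sources(SAMPLE_LOG), TRUSTED, LISTED):
        print(net)
```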