As Internet accessible corporate Voice over IP servers continue to grow in number, so does the risk of rogue individuals gaining access to SIP extensions due to weak or poorly managed Asterisk passwords.
You can protect your Asterisk server using Fail2Ban. Fail2ban scans log files like /var/log/asterisk/full or /var/log/secure and bans IP addresses with to any password failures. It then updates firewall rules to reject the IP address permenantly or for a administrator defined period of time.
This article does NOT negate the need to set strong SIP extension passwords or change system default passwords, this is purely aimed at countering the most common way to hack SIP servers: Brute-forcing SIP passwords.
To install Fail2Ban for Asterisk –
SSH to your VoIP server and login as root , then type the following commands:
yum -y install jwhois
cd /usr/src/
wget http://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2/download
tar -jxf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install
cp /usr/src/fail2ban-0.8.4/files/redhat-initd /etc/init.d/fail2ban
chmod 755 /etc/init.d/fail2ban
cd /etc/fail2ban/filter.d
touch asterisk.conf
Copy these the following into a new configuration file: /etc/fail2ban/filter.d/asterisk.conf: Continue reading “Protect your Asterisk server against brute forcing”