Guys, please help me.
using sngrep, I have noticed several Rejected Invites as shown in the example below.
I noticed that in these Invites, there are several different ips addresses. I believe precisely to make the blocks more difficult.
what’s strange that even with the Firewall enabled these ips are not being blocked.
what do you recommend me to do in this case?
Are you using the Geo Firewall? Where are you based?
Hi I’m not using GEo Firewall.
this installation is on a VM on google Cloud here in Brazil
You could use the Geo Firewall for blocking those countries with which you don’t have a business.
For example, the IP that is attacking you is from France. With the Geo Firewall, you can block the whole county.
but shouldn’t the firewall have blocked this ip?
there is no way to manually add this ip on the firewall?
configuration om my firewall
Yes, the fail2ban will try to block the IP, but if the attacker changes its IP frequently, then it would be hard to block it.
I recommend you use the Geo Firewall to enhance your PBX security.
Another thing to note with SNGREP is that it looks beyond the firewall at the NIC itself, so you will see traffic before it gets blocked by IPTables.
However, in the picture OP shared you see that Asterisk did respond to the request.
Can you check if firewall rules are active on server (by iptables -vnL)?
Did you changed anyhow iptables rules from commandline?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
