I have set up a web server.
But lately it keeps getting hit by DDoS attacks.
Looking at it with an IP-monitoring tool, a whole pile of IPs connect in at the same time, and every one of them is different.
So I'm thinking of buying a firewall for some basic defence.
I want to practise defending it myself, so I don't want to rent hosting space.
Budget is about 40,000 at most.
Hoping it can block the DDoS at least somewhat.
Please give me your advice!
Yesterday I also asked him to write the dynamic firewall below for me!
The DDoS from sources with an IP should be blocked now; what's left are the ones with no IP!
Here is the log:
The hackers are already at my door!
64. 2012-12-23 01:49:30 SIP/122.11... 5000 "5000" <5000> s ANSWERED 00:00
65. 2012-12-23 01:49:29 SIP/122.11... 3003 "3003" <3003> s ANSWERED 00:00
66. 2012-12-23 01:49:29 SIP/122.11... 3004 "3004" <3004> s ANSWERED 00:00
67. 2012-12-23 01:49:29 SIP/122.11... 3005 "3005" <3005> s ANSWERED 00:01
68. 2012-12-23 01:49:28 SIP/122.11... 2006 "2006" <2006> s ANSWERED 00:00
69. 2012-12-23 01:49:28 SIP/122.11... 2020 "2020" <2020> s ANSWERED 00:00
70. 2012-12-23 01:49:28 SIP/122.11... 3000 "3000" <3000> s ANSWERED 00:00
71. 2012-12-23 01:49:28 SIP/122.11... 3001 "3001" <3001> s ANSWERED 00:01
72. 2012-12-23 01:49:28 SIP/122.11... 3002 "3002" <3002> s ANSWERED 00:01
73. 2012-12-23 01:49:27 SIP/122.11... 2002 "2002" <2002> s ANSWERED 00:00
74. 2012-12-23 01:49:27 SIP/122.11... 2003 "2003" <2003> s ANSWERED 00:00
75. 2012-12-23 01:49:27 SIP/122.11... 2004 "2004" <2004> s ANSWERED 00:01
76. 2012-12-23 01:49:27 SIP/122.11... 2005 "2005" <2005> s ANSWERED 00:01
77. 2012-12-23 01:49:26 SIP/122.11... 1005 "1005" <1005> s ANSWERED 00:00
78. 2012-12-23 01:49:26 SIP/122.11... 1006 "1006" <1006> s ANSWERED 00:00
79. 2012-12-23 01:49:26 SIP/122.11... 1010 "1010" <1010> s ANSWERED 00:00
80. 2012-12-23 01:49:26 SIP/122.11... 2000 "2000" <2000> s ANSWERED 00:01
81. 2012-12-23 01:49:26 SIP/122.11... 2001 "2001" <2001> s ANSWERED 00:01
82. 2012-12-23 01:49:25 SIP/122.11... 210 "210" <210> s ANSWERED 00:00
83. 2012-12-23 01:49:25 SIP/122.11... 1000 "1000" <1000> s ANSWERED 00:00
84. 2012-12-23 01:49:25 SIP/122.11... 1001 "1001" <1001> s ANSWERED 00:00
85. 2012-12-23 01:49:25 SIP/122.11... 1002 "1002" <1002> s ANSWERED 00:00
86. 2012-12-23 01:49:25 SIP/122.11... 1003 "1003" <1003> s ANSWERED 00:01
87. 2012-12-23 01:49:25 SIP/122.11... 1004 "1004" <1004> s ANSWERED 00:01
88. 2012-12-23 01:49:24 SIP/122.11... 206 "206" <206> s ANSWERED 00:00
89. 2012-12-23 01:49:24 SIP/122.11... 207 "207" <207> s ANSWERED 00:00
90. 2012-12-23 01:49:24 SIP/122.11... 208 "208" <208> s ANSWERED 00:00
91. 2012-12-23 01:49:24 SIP/122.11... 209 "209" <209> s ANSWERED 00:01
92. 2012-12-23 01:49:23 SIP/122.11... 202 "202" <202> s ANSWERED 00:00
93. 2012-12-23 01:49:23 SIP/122.11... 203 "203" <203> s ANSWERED 00:00
94. 2012-12-23 01:49:23 SIP/122.11... 204 "204" <204> s ANSWERED 00:01
95. 2012-12-23 01:49:23 SIP/122.11... 205 "205" <205> s ANSWERED 00:01
96. 2012-12-23 01:49:22 SIP/122.11... 103 "103" <103> s ANSWERED 00:00
97. 2012-12-23 01:49:22 SIP/122.11... 104 "104" <104> s ANSWERED 00:00
98. 2012-12-23 01:49:22 SIP/122.11... 105 "105" <105> s ANSWERED 00:01
99. 2012-12-23 01:49:22 SIP/122.11... 200 "200" <200> s ANSWERED 00:01
100. 2012-12-23 01:49:22 SIP/122.11... 201 "201" <201> s ANSWERED 00:01
101. 2012-12-23 01:49:21 SIP/122.11... 101 "101" <101> s ANSWERED 00:01
102. 2012-12-23 01:49:21 SIP/122.11... 102 "102" <102> s ANSWERED 00:01
103. 2012-12-23 01:49:21 SIP/122.11... 2335716193 "2335716193" <2335716193> s ANSWERED 00:01
Quoted from Osslab:
Major security threat
[2011-6-3] An attack that even Fail2Ban cannot stop: when an attacker dials Asterisk extensions directly without registering, Asterisk does not log the source IP whether or not the extension exists, so fail2ban has nothing to block on, and an attacker can use this to mount a DDoS-like attack that paralyses the Asterisk host. (No proper solution yet; the dialplan can be modified to improve matters.)
Reference link 1
Reference link 2
Reference link 3
Recommended measures
[Digium] Seven Steps to Better SIP Security with Asterisk
Automatically Block Failed SIP Peer Registrations
A perl script run on a schedule that filters the source IP addresses of failed-registration messages out of the Asterisk logs and blocks them with iptables.
Fail2Ban: written in Python; it parses application log files and, on keyword matches, changes the firewall rules with iptables.
- Fail2Ban (with iptables) And Asterisk
- fail2ban::Asterisk
- Install Fail2Ban on Elastix 1.6
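As an added example for this thread (not code from the original poster, Osslab, Digium or the Fail2Ban project), here is a small Fail2Ban-style filter in Python that does what the perl script and Fail2Ban recipes above describe: pull source IPs out of Asterisk logs, count attempts per IP inside a time window, and emit iptables DROP rules. It assumes the chan_sip messages-log format "Registration from '...' failed for '<ip>:<port>'" and the Master.csv CDR layout (channel in column 6, call start in column 10). It also reads the CDR, because a call from a peer chan_sip could not match gets a channel named SIP/<ip>-<id>, so the source of an unregistered extension scan like the CDR posted above can be recovered from the CDR even when the messages log carries no IP for it. The log lines and CDR rows in the block are constructed with TEST-NET addresses.

```python
"""Fail2Ban-style ban list for Asterisk chan_sip, emitting iptables rules.

Added example for this thread; not code from the original poster, Osslab,
Digium or the Fail2Ban project. Reads failed REGISTERs from the messages log
and guest calls (channel SIP/<ip>-<id>) from the CDR. Samples are constructed.
"""
import csv
import io
import re
import subprocess
from collections import defaultdict
from datetime import datetime, timedelta

REG_FAIL = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d)\].*?"
    r"Registration from '.*?' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'")
GUEST_CHAN = re.compile(r"^SIP/(?P<ip>\d{1,3}(?:\.\d{1,3}){3})-[0-9A-Fa-f]+$")

def parse_messages(lines, year):
    """Yield (timestamp, source_ip) per failed REGISTER. The syslog-style
    timestamp carries no year, so the caller supplies it."""
    for line in lines:
        m = REG_FAIL.search(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
            yield ts, m.group("ip")

def parse_cdr(text):
    """Yield (call_start, source_ip) for CDR rows placed over a guest SIP channel."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 10:
            continue
        m = GUEST_CHAN.match(row[5])      # column 5 = channel, column 9 = start
        if m:
            yield datetime.strptime(row[9], "%Y-%m-%d %H:%M:%S"), m.group("ip")

def offenders(events, maxretry=5, findtime=timedelta(seconds=60)):
    """IPs with at least `maxretry` events inside one `findtime` window
    (the same meaning these two knobs have in Fail2Ban)."""
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    banned = set()
    for ip, stamps in by_ip.items():
        stamps.sort()
        for i in range(len(stamps) - maxretry + 1):
            if stamps[i + maxretry - 1] - stamps[i] <= findtime:
                banned.add(ip)
                break
    return sorted(banned)

def iptables_rules(ips, port=5060):
    """One DROP rule per offender on the SIP signalling port (UDP 5060 by default)."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-p", "udp",
             "--dport", str(port), "-j", "DROP"] for ip in ips]

def apply_rules(rules, dry_run=True):
    """Print the commands, or actually run them when dry_run=False (needs root)."""
    for cmd in rules:
        if dry_run:
            print(" ".join(cmd))
        else:
            subprocess.run(cmd, check=True)

# ---- constructed sample data (TEST-NET addresses, not from the thread) ----
def _reg_fail(ts, ext, ip):
    return ("[%s] NOTICE[2231] chan_sip.c: Registration from '\"%s\" <sip:%s@203.0.113.9>'"
            " failed for '%s:5060' - Wrong password" % (ts, ext, ext, ip))

# five REGISTER guesses in five seconds from one host, plus one honest typo
SAMPLE_MESSAGES = [_reg_fail("Dec 23 01:49:2%d" % i, str(100 + i), "203.0.113.5")
                   for i in range(5)]
SAMPLE_MESSAGES.append(_reg_fail("Dec 23 01:50:02", "1001", "198.51.100.7"))

def _cdr_row(dst, channel, start, uid):
    fields = ["", "", dst, "from-sip-external", '"%s" <%s>' % (dst, dst), channel, "",
              "Dial", "SIP/%s,20" % dst, start, start, start, "1", "1", "ANSWERED",
              "DOCUMENTATION", uid, ""]
    return ",".join('"%s"' % f.replace('"', '""') for f in fields)

# an unregistered scanner walking extensions 100..104, then one call from a registered peer
SAMPLE_CDR = "\n".join(
    [_cdr_row(str(100 + i), "SIP/203.0.113.77-0000001%d" % i,
              "2012-12-23 01:49:2%d" % i, "1356198561.%d" % i) for i in range(5)]
    + [_cdr_row("1001", "SIP/1000-00000020", "2012-12-23 01:55:00", "1356198900.20")])

def demo():
    """Run both parsers over the samples and return the resulting iptables commands."""
    events = list(parse_messages(SAMPLE_MESSAGES, 2012)) + list(parse_cdr(SAMPLE_CDR))
    return iptables_rules(offenders(events))

if __name__ == "__main__":
    apply_rules(demo())   # dry run: prints one DROP rule for each of the two scanners
```

Run it from cron the way the perl script above is run, with `dry_run=False` as root to really insert the rules. Two caveats: the CDR route only exists because the box accepts calls from peers it cannot match; `allowguest=no` (one of Digium's seven steps) closes that path outright, and `alwaysauthreject=yes` stops a scanner from learning which extensions exist. And a per-IP DROP on UDP 5060 deals with this kind of scanner or brute-forcer coming from a handful of addresses; it does nothing against a bandwidth-scale flood, which has to be absorbed upstream of your link.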