# Asterisk and VOIPBL - Because They'll Break The Door Down
## Asterisk and VOIPBL - Because They'll Break The Door Down
###### Verson 1.01 - 16-AUG-2022
###### Verson 1.01 - 16-AUG-2022
## The Sad State Of Things
### The Sad State Of Things
If you thought it was hard running an SSH server in the open....then a SIP server is worse. Never in my life have I seen so any attacks on one service attempted in my life. I'm talking DDOS level of attacks. So called "security distros" like Kali are nothing more than hacking tools in disguse. 99% of my attacks are coming from tools in Kali that take no expierence to use. So you'll start spending more time locking your server down than you did making it work.
If you thought it was hard running an SSH server in the open....then a SIP server is worse. Never in my life have I seen so any attacks on one service attempted in my life. I'm talking DDOS level of attacks. So called "security distros" like Kali are nothing more than hacking tools in disguse. 99% of my attacks are coming from tools in Kali that take no expierence to use. So you'll start spending more time locking your server down than you did making it work.
## NUMBERED LOGINS ARE BAD
### NUMBERED LOGINS ARE BAD
It's standard practice that if you're going to give someone extension 1234...that their sip login is 1234. This is both stupid and unnecessary. Out of all the attempted attacks I've seen...only TWO were trying to exploit a name-based account. You do not need to give your users the same auth ID as their extension. They do not to be <extension>@hosname. You should NEVER have a SIP login be number based anymore. ***NEVER NEVER NEVER***
It's standard practice that if you're going to give someone extension 1234...that their sip login is 1234. This is both stupid and unnecessary. Out of all the attempted attacks I've seen...only TWO were trying to exploit a name-based account. You do not need to give your users the same auth ID as their extension. They do not to be `<####>@hosname`. You should NEVER have a SIP login be number based anymore. ***NEVER NEVER NEVER***
Instead...you should use names or a unique ID that's not based on a dictionary word. So sip:1234@hostname should instead be sip:username@hostname - Then you set extension 1234 to dial PJSIP/username.
Instead...you should use names or a unique ID that's not based on a dictionary word. So sip:1234@hostname should instead be sip:username@hostname - Then you set extension 1234 to dial PJSIP/username.
This is no longer an Asterisk Power User Move. It should be your default behavior.
This is no longer an Asterisk Power User Move. It should be your default behavior.
## Setting up VoIPBL/fail2ban/iptables For Asterisk
### Setting up VoIPBL/fail2ban/iptables For Asterisk
VoipBL.org is a blacklist service provided by ScopServ International. It provides a list of known bad actor IPs as well as a system for allowing users to submit violators. It may not the be the only service that does this...it was however the most numerous result when looking for VOIP blacklists.
VoipBL.org is a blacklist service provided by ScopServ International. It provides a list of known bad actor IPs as well as a system for allowing users to submit violators. It may not the be the only service that does this...it was however the most numerous result when looking for VOIP blacklists.