I installed a new instance of ASTPP 4.0.1 in the cloud and so far it is working great and I am happy that it is working correctly. Now, the problem is, since it is hosted on a public IP (I don’t have an FQDN), I have started getting unwanted REGISTER and INVITE attacks, plus a lot of unwanted traffic from the web. I have tried using fail2ban, voipbl.org, every conceivable way, but the offending IPs are still there (maybe wrong fail2ban and voipbl settings?). I read somewhere about using the ACL, but I haven’t figured out yet how to do it. Anyone experienced with that? I have reached a point where I am considering adding an OpenSIPS or Kamailio SIP proxy in front of the ASTPP, but I do not know how to integrate them with ASTPP. Any help?
Thanks @hemdip.badani, I realized fail2ban is automatically installed and has the sshd jail present by default in ASTPP. It is confusing how the sshd jail is active without having the line “enabled = true” in its description in the jail.conf file. How does one activate the other jails? I tried copying jail.conf into a new file jail.local and adding a line “enabled = true” within the particular jail, e.g. [freeswitch], but that broke fail2ban.
I will check out the link about ACL to have a better understanding, thanks.
Have you ever tried using OpenSIPS or Kamailio as a SIP edge proxy?
I dove deeply into the fail2ban documentation and realized that later versions of fail2ban have a different way to customize and activate custom jails. So far I’m getting the gist of it because the attacks have reduced significantly, though I am still not completely comfortable that I have decently secured the system. I will keep everyone updated.
Anyone else with insights on how to use Kamailio, OpenSIPS as an edge proxy for ASTPP?
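For readers following the jail.local question in this thread, an added example that is not part of the original posts and not ASTPP's own configuration: a jail.local that carries only overrides, rather than a full copy of jail.conf, and switches on the [freeswitch] jail that stock fail2ban ships. The log path, thresholds and allow-listed address are assumptions to adjust per system.

```ini
# /etc/fail2ban/jail.local
# fail2ban reads jail.conf first, then jail.d/*.conf, then jail.local, then
# jail.d/*.local. Later files override earlier ones key by key, so this file
# lists only the settings that differ from the shipped defaults.

[DEFAULT]
# Addresses that must never be banned. 203.0.113.10 is a constructed
# placeholder for an admin or trunk address.
ignoreip = 127.0.0.1/8 ::1 203.0.113.10
# Ban length and counting window in seconds (assumed values).
bantime  = 3600
findtime = 600

[freeswitch]
# The jail and its filter (filter.d/freeswitch.conf) already exist in the
# stock package; only "enabled" and site-specific values are set here.
enabled  = true
# Assumed log location. It must be the file FreeSWITCH actually writes to.
logpath  = /var/log/freeswitch/freeswitch.log
# Failed attempts within findtime before a source is banned (assumed value).
maxretry = 5
# The filter matches FreeSWITCH's "SIP auth failure" log lines, which are
# written only when the SIP profile has log-auth-failures set to true.
```

Running `fail2ban-client -t` checks the configuration before a reload, and `fail2ban-client status freeswitch` afterwards shows whether the jail is reading the log and which addresses are currently banned.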