
sinologicnet / Sipcheck

Licence: gpl-2.0

SIPCheck v.3.0

Introduction

SIPCheck is a tool that watches the authentication of Asterisk users and automatically bans any user (or bot) that tries to register or make calls using wrong passwords.

Unlike Fail2Ban, SIPCheck manages not just the attackers but also the clients you trust: if SIP users at an IP address have demonstrated that they are trusted, SIPCheck will not ban that address even when a wrong password is received from it, because a ban would mean that many other SIP clients behind the same IP could be banned too.

For this reason, we have redesigned this application from scratch, with several new features compared to older versions.

  • Easier: Easy to install, configure and run.
  • Resources: Oriented to large systems with a high number of simultaneous calls, avoiding access to log files and the parsing of large amounts of real-time information.
  • Persistent: Don't worry if you have to restart the application or the system; SIPCheck puts the attackers back into the firewall when it starts again.
  • Reliable: The new expiry-time system keeps iptables clean of old attackers, avoiding unending and uncontrollable lists.
  • Control: Using the small config file sipcheck.conf, you can control the number of tries allowed before access is banned, the time that attackers stay in the firewall, and the time that suspected users remain under watch.

Requirements

SIPCheck must be executed on the same system where Asterisk runs (it could run on another system, but the firewall rules are applied on the system where SIPCheck runs). SIPCheck needs root privileges to be able to insert and remove rules in the firewall.

Python 3

SIPCheck 3 runs on Python 3 and uses the libraries defined in requirements.txt.

Asterisk manager account

You have to create a new Asterisk Manager Interface (AMI) user.

/etc/asterisk/manager.conf must contain a manager user like this (change the user and password values):

[CHANGETHISUSER]
secret = CHANGETHISPASSWORD
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
read = security
write = system

Once this user has been created or modified, you have to reload the manager configuration:

asterisk -rx 'manager reload'
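
To check an existing manager.conf user against the stanza above, the following added example (not part of SIPCheck) reads the file's sections and reports where an account is more exposed than that baseline. The function names, the `WEAK` sample and the choice to flag anything beyond `read = security` / `write = system` are assumptions of this example.

```python
import ipaddress

# Baseline classes come from the stanza above; flagging anything beyond them is this example's assumption.
BASELINE = {"read": {"security"}, "write": {"system"}}
# Constructed weak stanza for the demo (section name is made up).
WEAK = """\
[sipcheck_demo]
secret = CHANGETHISPASSWORD
permit = 0.0.0.0/0.0.0.0
read = system,call,security
write = all
"""

def parse_sections(text):
    """Minimal reader for Asterisk-style config: [section], key = value, ';' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.lstrip(">").strip())
    return sections

def _net(spec):
    try:
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None

def audit_ami_user(text, user):
    """Return findings for one manager.conf user (empty list = matches the baseline)."""
    opts = parse_sections(text).get(user)
    if opts is None:
        return [f"no [{user}] section"]
    findings = []
    if "CHANGETHIS" in user or any("CHANGETHIS" in s for s in opts.get("secret", [])):
        findings.append("placeholder user or secret still in place")
    if not any(n is not None and n.prefixlen == 0 for n in map(_net, opts.get("deny", []))):
        findings.append("no deny-all entry")
    for spec in opts.get("permit", []):
        net = _net(spec)
        if net is None or not net.is_loopback:
            findings.append(f"permit {spec} reaches beyond loopback")
    for key, allowed in BASELINE.items():
        granted = {c.strip() for v in opts.get(key, []) for c in v.split(",") if c.strip()}
        if granted - allowed:
            findings.append(f"{key} grants extra classes: {sorted(granted - allowed)}")
    return findings
```

Pass the contents of /etc/asterisk/manager.conf and the section name of the SIPCheck user to `audit_ami_user`; an empty list means the account matches the stanza shown above.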

How to Install

# Download github repository
git clone https://github.com/sinologicnet/sipcheck.git /opt/sipcheck
cd /opt/sipcheck

# Update repositories
apt-get update

# Install PIP for Python3
apt-get install python3-pip

# Install the required libraries
pip3 install -r requirements.txt

# Copy the sample configuration file to the active configuration file
cp sipcheck.conf.sample sipcheck.conf

# Edit this file to configure SIPCheck
nano sipcheck.conf

# Make sipcheck.py executable (not world-writable: SIPCheck runs with root privileges)
chmod 755 sipcheck.py

# Insert the script into systemd
cp /opt/sipcheck/sipcheck.service /etc/systemd/system/
systemctl enable sipcheck

# Start the application
systemctl start sipcheck

# Check if everything is working fine
tail -f /var/log/sipcheck.log

Real example of how it works...

2020-03-14 19:25:51,309 INFO: -----------------------------------------------------
2020-03-14 19:25:51,309 INFO: Starting SIPCheck 3 ...
2020-03-14 19:25:51,309 INFO: + Added 185.53.88.49,1584140431 into blacklist again from the time: 1584140431
2020-03-14 19:25:51,309 INFO: BL: Detected attack from IP: '185.53.88.49' (Banning address)
2020-03-14 19:25:51,312 INFO: + Added 195.154.28.205,1584140431 into blacklist again from the time: 1584140431
2020-03-14 19:25:51,312 INFO: BL: Detected attack from IP: '195.154.28.205' (Banning address)
2020-03-14 19:25:51,313 INFO: + Added 92.246.85.154,1584140431 into blacklist again from the time: 1584140431
2020-03-14 19:25:51,313 INFO: BL: Detected attack from IP: '92.246.85.154' (Banning address)
2020-03-14 19:25:51,315 INFO: + Added 113.141.67.163,1584140431 into blacklist again from the time: 1584140431
2020-03-14 19:25:51,315 INFO: BL: Detected attack from IP: '113.141.67.163' (Banning address)
2020-03-14 19:25:51,317 INFO: + Added 192.227.132.19,1584140431 into blacklist again from the time: 1584140431
2020-03-14 19:25:51,317 INFO: BL: Detected attack from IP: '192.227.132.19' (Banning address)
2020-03-14 19:25:51,319 INFO: + Added 45.143.220.240,1584140431 into blacklist again from the time: 1584140431
2020-03-14 19:25:51,319 INFO: BL: Detected attack from IP: '45.143.220.240' (Banning address)
2020-03-14 19:25:51,321 INFO: + Added 45.143.221.59,1584200178 into blacklist again from the time: 1584200178
2020-03-14 19:25:51,321 INFO: BL: Detected attack from IP: '45.143.221.59' (Banning address)
2020-03-14 19:25:51,322 INFO: + Added 192.3.140.204,1584200178 into blacklist again from the time: 1584200178
2020-03-14 19:25:51,322 INFO: BL: Detected attack from IP: '192.3.140.204' (Banning address)
2020-03-14 19:25:51,324 INFO: + Added 185.221.135.138,1584200178 into blacklist again from the time: 1584200178
2020-03-14 19:25:51,324 INFO: BL: Detected attack from IP: '185.221.135.138' (Banning address)
2020-03-14 19:25:51,326 INFO: + Added 45.143.220.25,1584200178 into blacklist again from the time: 1584200178
2020-03-14 19:25:51,326 INFO: BL: Detected attack from IP: '45.143.220.25' (Banning address)
2020-03-14 19:25:51,331 INFO: + Added 10.10.10.10 into whitelist during one year
2020-03-14 19:25:51,332 INFO: + Added 10.10.12.12 into whitelist during one year
2020-03-14 19:25:51,341 INFO: protocol version: '5.0.0'
2020-03-14 19:25:51,342 INFO: Sending awaiting actions
2020-03-14 19:47:09,842 WARNING: Received anonymous INVITE from IP 91.212.38.210
2020-03-14 20:47:14,776 INFO: TL: Expired time for 91.212.38.210
2020-03-14 21:14:17,786 WARNING: Received wrong password for user Administrator from IP 45.234.152.38
2020-03-14 21:50:28,963 WARNING: Received wrong password for user administrator from IP 45.234.152.38
2020-03-14 22:07:02,806 WARNING: Received wrong password for user 10 from IP 45.234.152.38
2020-03-14 22:14:18,490 INFO: TL: Expired time for 45.234.152.38
2020-03-14 22:24:22,969 WARNING: Received anonymous INVITE from IP 45.143.220.220
2020-03-14 22:43:22,100 WARNING: Received wrong password for user 11 from IP 45.234.152.38
2020-03-14 23:19:42,874 WARNING: Received wrong password for user 100 from IP 45.234.152.38
2020-03-14 23:24:26,489 INFO: TL: Expired time for 45.143.220.220
2020-03-14 23:27:28,488 WARNING: Received anonymous INVITE from IP 45.143.220.214
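
The watch-and-ban behaviour visible in the log above can be replayed offline to see how a given number of tries and watch time would treat recorded traffic. This added example (not SIPCheck's own code) parses WARNING lines in that format and applies a fixed watch window that starts at an address's first warning, as the "TL: Expired time" entries one hour after each first warning suggest. `max_tries`, `watch`, `ban` and the `trusted` set are hypothetical names, and the sample lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample in the sipcheck.log WARNING format (documentation IP ranges).
SAMPLE_LOG = """\
2020-03-14 21:00:00,000 WARNING: Received wrong password for user 100 from IP 203.0.113.7
2020-03-14 21:10:00,000 WARNING: Received wrong password for user 101 from IP 203.0.113.7
2020-03-14 21:20:00,000 WARNING: Received anonymous INVITE from IP 203.0.113.7
2020-03-14 21:05:00,000 WARNING: Received wrong password for user 200 from IP 198.51.100.20
2020-03-14 21:06:00,000 WARNING: Received wrong password for user 200 from IP 198.51.100.20
2020-03-14 21:07:00,000 WARNING: Received wrong password for user 200 from IP 198.51.100.20
2020-03-14 21:30:00,000 WARNING: Received wrong password for user 10 from IP 192.0.2.50
2020-03-14 22:45:00,000 WARNING: Received wrong password for user 11 from IP 192.0.2.50
2020-03-14 23:20:00,000 WARNING: Received wrong password for user 12 from IP 192.0.2.50
"""
# The user field is sent by the remote party: take the IP from the end of the line and validate it.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ WARNING: Received "
                  r"(?:anonymous INVITE|wrong password for user .*) from IP (\S+)$")

def parse_events(text):
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue
        events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), ip))
    return events

def replay(events, trusted, max_tries=3, watch=timedelta(hours=1), ban=timedelta(days=1)):
    """Ban decisions [(time, ip)]; parameter names are hypothetical, not SIPCheck's."""
    suspects, banned, bans = {}, {}, []
    for ts, ip in sorted(events):
        if ip in trusted or (ip in banned and ts < banned[ip]):
            continue                      # trusted, or already dropped by the firewall
        first, count = suspects.get(ip, (ts, 0))
        if ts - first >= watch:           # watch time expired: start a fresh window
            first, count = ts, 0
        suspects[ip] = (first, count + 1)
        if count + 1 >= max_tries:
            banned[ip] = ts + ban
            bans.append((ts, ip))
            del suspects[ip]
    return bans
```

With `trusted={"198.51.100.20"}` the replay bans only 203.0.113.7 at 21:20; the slow sender 192.0.2.50 stays under the threshold with a one-hour watch time and is banned at 23:20 once `watch` is widened to two hours.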