Securing Asterisk SIP (chan_sip.c) from attacks!
We made the following code modification to chan_sip.c about a year+ ago to protect our servers from attacks, and it has proved quite successful.
What it does: It logs the IP/user of failed login attempts and, based on the set parameters (failed attempts per time), blocks that IP from making any more attempts for the duration specified. Since this is done silently, hackers won't know whether the password they sent was actually processed or not, rendering dictionary hacks useless.
Warning to critics: The following code is not meant to win the 'programmer of the year award'. It is a 'quick-fire' solution, derived from protecting our VOIP server (original code from Asterisk) to protect it from SIP hackers.
The code is released under GPL in the hope that it will be helpful, as it has been to us, but with NO (ZERO) guarantees/warranties.
The file to modify/change is: channels/chan_sip.c.
Look for code block starting with '// PAL'.
Change the folder for the track file (source says /var/lib) to something different on YOUR machine(s) for added security.
This image shows how a (Chinese) hacker was blocked the moment we enabled it (our MySQL example - we developed this first for Asterisk (our customized version of it) and then ported it to MySQL).
Basically, overwriting your file with this and recompiling Asterisk should work if your version matches ours (but back up your source first!). If you have a different version, cut and paste the PAL blocks into your chan_sip.c file.
See the MySQL version of this at http://www.abelcanada.com/securemysql.php
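The counting-and-blocking behaviour described above (failed attempts per time window, then a silent block for a set duration), as an added example that is not the PAL code from our chan_sip.c. The function names, the thresholds, and the in-memory table (used here instead of the track file) are assumptions for illustration.

```c
#include <string.h>
#include <time.h>
/* Assumed parameters: 5 failures within 60 s block the IP for 600 s. */
enum { MAX_FAILS = 5, WINDOW_SECS = 60, BLOCK_SECS = 600, TABLE_SIZE = 256 };

struct fail_entry {
    char   ip[46];         /* text address, room for IPv6 */
    int    fails;          /* failures counted in the current window */
    time_t window_start;   /* start of the current counting window */
    time_t blocked_until;  /* block expiry, 0 if never blocked */
};
static struct fail_entry table[TABLE_SIZE];

/* Return the entry for ip; with create set, claim an empty or lapsed slot. */
static struct fail_entry *lookup(const char *ip, time_t now, int create) {
    struct fail_entry *spare = NULL;
    for (int i = 0; i < TABLE_SIZE; i++) {
        struct fail_entry *e = &table[i];
        if (e->ip[0] && strcmp(e->ip, ip) == 0)
            return e;
        if (!spare && (!e->ip[0] || (now >= e->blocked_until &&
                                     now - e->window_start >= WINDOW_SECS)))
            spare = e;
    }
    if (!create || !spare) return NULL;
    memset(spare, 0, sizeof(*spare));
    strncpy(spare->ip, ip, sizeof(spare->ip) - 1);
    spare->window_start = now;
    return spare;
}

/* 1 if a request from ip must be dropped without sending any reply. */
int is_blocked(const char *ip, time_t now) {
    struct fail_entry *e = lookup(ip, now, 0);
    return e && now < e->blocked_until;
}

/* Call on each failed authentication; returns 1 once the IP is blocked. */
int record_failure(const char *ip, time_t now) {
    struct fail_entry *e = lookup(ip, now, 1);
    if (!e) return 0;                  /* table full: fails open */
    if (now - e->window_start >= WINDOW_SECS) {
        e->window_start = now;         /* previous window lapsed */
        e->fails = 0;
    }
    if (++e->fails >= MAX_FAILS)
        e->blocked_until = now + BLOCK_SECS;
    return now < e->blocked_until;
}
```

The silent part comes from calling `is_blocked()` before any credential check and returning without a response when it is true, so the sender cannot tell a dropped attempt from a processed one.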