It would be a good start to get an IP address for everything a SIP client does that gets logged.
I have a customer who insists on keeping the guest option turned to on and from time to time there are funny people who try to dial out phone numbers (and of course get no where), however the message doesn't log the IP address so I cannot use it with something like fail2ban. I would like to have it with the peer name, so I always have peer name + ip address on all logged messages for SIP or IAX On Thu, 14 May 2009, Ken Rice wrote: > Date: Thu, 14 May 2009 10:35:06 -0500 > From: Ken Rice <[email protected]> > Reply-To: Commercial and Business-Oriented Asterisk Discussion > <[email protected]> > To: Commercial and Business-Oriented Asterisk Discussion > <[email protected]> > Subject: Re: [asterisk-biz] Bad routign or hack attempt ? > > He's also using this IP address > 173.45.67.130 > > > > >> From: ContactTel Business <[email protected]> >> Reply-To: Commercial and Business-Oriented Asterisk Discussion >> <[email protected]> >> Date: Thu, 14 May 2009 10:15:47 -0400 >> To: 'Commercial and Business-Oriented Asterisk Discussion' >> <[email protected]> >> Subject: Re: [asterisk-biz] Bad routign or hack attempt ? >> >> Here is the trace.. please DEVs... add a reporting option to sip stack that >> will report on that ip , or something.. >> This guy has been hacking alot of servers and is currently under FBI >> investigation >> You see he's using s=Asterisk PBX 1.6.0.5. >> >> >> >> >> U 2009/05/14 06:42:17.973715 93.190.143.10:5060 -> 174.x.x.x:5060 >> INVITE sip:[email protected]/2.0. >> Via: SIP/2.0/UDP 93.190.143.10:5060;branch=z9hG4bK3f5cffbb;rport. >> Max-Forwards: 70. >> From: "MeucciSolutions" <sip:[email protected]>;tag=as123b6c7b. >> To: <sip:[email protected]>. >> Contact: <sip:[email protected]>. >> Call-ID: [email protected]. >> CSeq: 102 INVITE. >> User-Agent: MeucciSolutions. >> Date: Thu, 14 May 2009 10:42:25 GMT. >> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY. >> Supported: replaces, timer. >> Content-Type: application/sdp. >> Content-Length: 287. >> . >> v=0. >> o=root 634218215 634218215 IN IP4 93.190.143.10. >> s=Asterisk PBX 1.6.0.5. >> c=IN IP4 93.190.143.10. >> t=0 0. >> m=audio 10990 RTP/AVP 8 0 101. >> a=rtpmap:8 PCMA/8000. >> a=rtpmap:0 PCMU/8000. >> a=rtpmap:101 telephone-event/8000. >> a=fmtp:101 0-16. >> a=silenceSupp:off - - - -. >> a=ptime:20. >> a=sendrecv. >> >> >>>> -----Original Message----- >>>> From: [email protected] [mailto:asterisk-biz- >>>> [email protected]] On Behalf Of Elliot Otchet >>>> Sent: May-13-09 7:43 PM >>>> To: '[email protected]' >>>> Subject: Re: [asterisk-biz] Bad routign or hack attempt ? >>>> >>>> Agreed. We've seen it too. >>>> >>>> Pardon the typos, my Blackberry has small buttons. >>>> Elliot Otchet >>>> Calling Circles LLC >>>> >>>> ----- Original Message ----- >>>> From: [email protected] <asterisk-biz- >>>> [email protected]> >>>> To: Commercial and Business-Oriented Asterisk Discussion <asterisk- >>>> [email protected]> >>>> Sent: Wed May 13 19:27:03 2009 >>>> Subject: Re: [asterisk-biz] Bad routign or hack attempt ? >>>> >>>> >>>> Hack attempt 100%. Ban it. >>>> >>>> --- On Wed, 5/13/09, ContactTel Business <[email protected]> wrote: >>>> >>>>> From: ContactTel Business <[email protected]> >>>>> Subject: [asterisk-biz] Bad routign or hack attempt ? >>>>> To: "'Commercial and Business-Oriented Asterisk Discussion'" >>>> <[email protected]> >>>>> Date: Wednesday, May 13, 2009, 7:05 PM >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Seems someone at [email protected] >>>>> could be trying to break in .. >>>>> >>>>> >>>>> >>>>> Anyone have heard of any of the 2 >>>>> parts of the uri ? >>>>> >>>>> >>>>> >>>>> Thanks >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -----Inline Attachment Follows----- >>>>> >>>>> _______________________________________________ >>>>> --Bandwidth and Colocation Provided by http://www.api-digital.com-- >>>>> >>>>> asterisk-biz mailing list >>>>> To UNSUBSCRIBE or update options visit: >>>>> http://lists.digium.com/mailman/listinfo/asterisk-biz >>>> >>>> _______________________________________________ >>>> --Bandwidth and Colocation Provided by http://www.api-digital.com-- >>>> >>>> asterisk-biz mailing list >>>> To UNSUBSCRIBE or update options visit: >>>> http://lists.digium.com/mailman/listinfo/asterisk-biz >>>> >>>> This message is intended only for the use of the individual (s) or >>>> entity to which it is addressed and may contain information that is >>>> privileged, confidential, and/or proprietary to Calling Circles LLC and >>>> its affiliates. If the reader of this message is not the intended >>>> recipient, you are hereby notified that any dissemination, >>>> distribution, forwarding or copying of this communication is prohibited >>>> without the express permission of the sender. If you have received this >>>> communication in error, please notify the sender immediately and delete >>>> the original message. >>>> _______________________________________________ >>>> --Bandwidth and Colocation Provided by http://www.api-digital.com-- >>>> >>>> asterisk-biz mailing list >>>> To UNSUBSCRIBE or update options visit: >>>> http://lists.digium.com/mailman/listinfo/asterisk-biz >> >> >> _______________________________________________ >> --Bandwidth and Colocation Provided by http://www.api-digital.com-- >> >> asterisk-biz mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-biz > > > > _______________________________________________ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-biz mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-biz > _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
