The failregex statement in my jail.conf file is:
failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' (from <HOST>)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)


This is a log entry in /var/log/asterisk/full that shows the scan being
performed:


2010-08-01 07:00:13 NOTICE[22540] chan_sip.c: Registration from '"123456"<sip:123...@************>' failed for '193.158.62.48' - ACL error (permit/deny)

The problem is that fail2ban does not detect this attack that was performed
for an amount of time of about half an hour.


Please help me identify the problem.
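One way to check the posted patterns against the posted log entry offline, as an added example that is not part of the original post: it tests every failregex line as written, then retries the ACL pattern with its parentheses escaped. The `HOST` expansion is a simplified stand-in for what fail2ban substitutes for `<HOST>`, and the function and variable names are assumptions of this example.

```python
import re

# Assumption: simplified stand-in for fail2ban's <HOST> substitution.
HOST = r"(?P<host>[\w\-.^_]+)"

# Log entry as posted (the SIP URI is redacted in the post and kept that way).
LOG_LINE = (
    "2010-08-01 07:00:13 NOTICE[22540] chan_sip.c: Registration from "
    "'\"123456\"<sip:123...@************>' failed for '193.158.62.48' - "
    "ACL error (permit/deny)"
)

# The eight failregex lines exactly as posted.
POSTED = [
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL",
    r"NOTICE.* <HOST> failed to authenticate as '.*'$",
    r"NOTICE.* .*: No registration for peer '.*' (from <HOST>)",
    r"NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)",
]

# Same ACL pattern with the literal parentheses escaped. Unescaped, "(permit/deny)"
# is a capture group that matches "permit/deny" with no surrounding parentheses.
FIXED_ACL = (
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - "
    r"ACL error \(permit/deny\)"
)


def compile_failregex(pattern):
    """Expand <HOST> and compile the pattern for an unanchored search."""
    return re.compile(pattern.replace("<HOST>", HOST))


def matching_hosts(patterns, line):
    """Return the host captured by each pattern that matches the line."""
    hosts = []
    for pattern in patterns:
        match = compile_failregex(pattern).search(line)
        if match:
            hosts.append(match.group("host"))
    return hosts


if __name__ == "__main__":
    print("posted patterns:", matching_hosts(POSTED, LOG_LINE))
    print("escaped ACL pattern:", matching_hosts([FIXED_ACL], LOG_LINE))
```

fail2ban ships a `fail2ban-regex` tool that runs a filter against a real log file in the same spirit.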