On Mon, Nov 29, 2010 at 2:01 PM, Hose <[email protected]> wrote: > So when someone's brute forcing your server is there a way to identify > the originating IPs without using a tcpdump? When I get a failed auth > on the console it shows 'acco...@asteriskserver' then tag=as25ca5023 (or > some random string, though it's a bit odd as alwaysauthreject = yes is > on in sip.conf). Anyway, the logs don't show anything more useful > either. Is there something obvious I'm missing? Cranking up verbosity > on the console doesn't seem to do anything. > > hose
You can use IPTABLES to log all traffic on a port for you. Instead of ACCEPT or DROP use LOG. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
