Hi List Recently i have noticed this attack on couple of servers, usually a foreign IP starts sending tons of register request without any answer to authentication, if you type sip show channels in cli you will see tons of these: 1.2.3.4 (None) 2389603298 00101/00001 0x0 (nothing) No Rx: REGISTER
since there is no authentication in place, asterisk does not see any failed register attempt, so there wont be anything added to log file as failed attempt. thus fail2ban wont see any activity and wont block the IP. it simply brings down the internet link and the box due to too many sip channels.
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
