I just realized there is no IP (host) in the message line, so no way for fail2ban to catch it.
Other suggestions? Or will I have to code something into my dialplan.... ________________________________________ From: asterisk-users-boun...@lists.digium.com [asterisk-users-boun...@lists.digium.com] On Behalf Of Andrew Furey [andrew.fu...@gmail.com] Sent: Wednesday, December 28, 2011 11:37 PM To: Asterisk Users List Subject: Re: [asterisk-users] Interesting attack tonight & fail2ban them On 29 December 2011 12:07, Michelle Dupuis <mdup...@ocg.ca> wrote: > I thought that it might be worth adding a line to my fail2ban filter, but am > looking for a hand with the regex. I have come up with: > NOTICE.* .*: Call from '' to extension '.*' rejected because > extension not found > > but I realize that anyone misdialling a valid extension a few times gets cut > off. Can someone suggest an improvement? (How could I limit this to 4 or > more digits dialled for example?) [ Caveat - I have never used fail2ban ] If it supports Perl-style regexps, you could do: NOTICE.* .*: Call from '' to extension '[0-9]{4,}' rejected because extension not found That will do "at least 4 digits". Or the long way (Bash-style etc): NOTICE.* .*: Call from '' to extension '[0-9][0-9][0-9][0-9][0-9]*' rejected because extension not found HTH, Andrew -- Linux supports the notion of a command line or a shell for the same reason that only children read books with only pictures in them. Language, be it English or something else, is the only tool flexible enough to accomplish a sufficiently broad range of tasks. -- Bill Garrett -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users