Hello, Do you set up, your logrotate in /etc/asterisk ? Do you test that your fail2ban work fine?
Regards On Wed, Dec 28, 2011 at 11:07 PM, Michelle Dupuis <[email protected]> wrote: > I happened to be in the cli tonight as some (208.122.57.58) initiated a > simple attack - just trying to make long distance calls from outside > context. Although harmless, this went on for several minutes as the idiot > just used up my bandwidth with SIP messages. Here's and example: > > [2011-12-28 22:53:42] NOTICE[9635]: chan_sip.c:14035 > handle_request_invite: Call from '' to extension '6442032987219' rejected > because extension not found. > [2011-12-28 22:53:44] NOTICE[9635]: chan_sip.c:14035 > handle_request_invite: Call from '' to extension '7442032987216' rejected > because extension not found. > [2011-12-28 22:53:46] NOTICE[9635]: chan_sip.c:14035 > handle_request_invite: Call from '' to extension '8442032987216' rejected > because extension not found. > [2011-12-28 22:53:48] NOTICE[9635]: chan_sip.c:14035 > handle_request_invite: Call from '' to extension '008442032987215' rejected > because extension not found. > [2011-12-28 22:53:50] NOTICE[9635]: chan_sip.c:14035 > handle_request_invite: Call from '' to extension '007442032987218' rejected > because extension not found. > [2011-12-28 22:53:52] NOTICE[9635]: chan_sip.c:14035 > handle_request_invite: Call from '' to extension '006442032987219' rejected > because extension not found. > [2011-12-28 22:53:54] NOTICE[9635]: chan_sip.c:14035 > handle_request_invite: Call from '' to extension '005442032987216' rejected > because extension not found. > [2011-12-28 22:53:56] NOTICE[9635]: chan_sip.c:14035 > handle_request_invite: Call from '' to extension '004442032987250' rejected > because extension not found. > > I thought that it might be worth adding a line to my fail2ban filter, but > am looking for a hand with the regex. I have come up with: > NOTICE.* .*: Call from '' to extension '.*' rejected because > extension not found > > but I realize that anyone misdialling a valid extension a few times gets > cut off. Can someone suggest an improvement? (How could I limit this to 4 > or more digits dialled for example?) > > Thanks! > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
