Hi Ish, I assume you are using Fail2Ban to monitor the logs for dictionary attacks - If so, the following regex should work for 1.8:
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register - Regards, AJ Stanfield t: 0161-850-4001 e: a...@dmcip.com w: http://www.dmcip.com ----- Original Message ----- From: "Ishfaq Malik" <i...@pack-net.co.uk> To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users@lists.digium.com> Sent: Monday, 4 November, 2013 3:36:06 PM Subject: Re: [asterisk-users] No matching peers message has gone (1.8.23.1) Hi Thanks for the quick response. I'll read all the change logs from now on, I promise! Ish On 4 November 2013 15:29, Joshua Colp < jc...@digium.com > wrote: Ishfaq Malik wrote: Hi Ever since we upgraded our asterisk servers to 1.8.23.1, we no longer get the 'no matching peer' error when we get a dictionary SIP attack. Now the logs always show a 'wrong password' when there actually isn't a matching peer. We even have alwaysauthreject = yes in our sip.conf. Has anyone else noticed this phenomenon? This is on purpose. To fix some exposure issues the code was changed to have an internal peer (albeit one that can never successfully be authenticated against) that gets used if no real peer is found. This reduces the chance (by a lot) of the code exposing information in some off nominal cases. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: www.digium.com & www.asterisk.org -- ______________________________ ______________________________ _________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/ mailman/listinfo/asterisk- users -- Ishfaq Malik Department: VOIP Support Company: Packnet Limited t: +44 (0)845 004 4994 f: +44 (0)161 660 9825 e: i...@pack-net.co.uk w: http://www.pack-net.co.uk Registered Address: PACKNET LIMITED, Duplex 2, Ducie House 37 Ducie Street Manchester, M1 2JW COMPANY REG NO. 04920552 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users