Hi Ish,
I assume you are using Fail2Ban to monitor the logs for dictionary attacks - If
so, the following regex should work for 1.8:
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer
found
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name
mismatch
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not
match ACL
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed
to register
-
Regards,
AJ Stanfield
t: 0161-850-4001
e: a...@dmcip.com
w: http://www.dmcip.com
----- Original Message -----
From: "Ishfaq Malik" <i...@pack-net.co.uk>
To: "Asterisk Users Mailing List - Non-Commercial Discussion"
<asterisk-users@lists.digium.com>
Sent: Monday, 4 November, 2013 3:36:06 PM
Subject: Re: [asterisk-users] No matching peers message has gone (1.8.23.1)
Hi
Thanks for the quick response. I'll read all the change logs from now on, I
promise!
Ish
On 4 November 2013 15:29, Joshua Colp < jc...@digium.com > wrote:
Ishfaq Malik wrote:
Hi
Ever since we upgraded our asterisk servers to 1.8.23.1, we no longer
get the 'no matching peer' error when we get a dictionary SIP attack.
Now the logs always show a 'wrong password' when there actually isn't a
matching peer.
We even have alwaysauthreject = yes in our sip.conf.
Has anyone else noticed this phenomenon?
This is on purpose. To fix some exposure issues the code was changed to have an
internal peer (albeit one that can never successfully be authenticated against)
that gets used if no real peer is found. This reduces the chance (by a lot) of
the code exposing information in some off nominal cases.
--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: www.digium.com & www.asterisk.org
--
______________________________ ______________________________ _________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/ mailman/listinfo/asterisk- users
--
Ishfaq Malik
Department: VOIP Support
Company: Packnet Limited
t: +44 (0)845 004 4994
f: +44 (0)161 660 9825
e: i...@pack-net.co.uk w: http://www.pack-net.co.uk Registered Address: PACKNET
LIMITED, Duplex 2, Ducie House
37 Ducie Street
Manchester, M1 2JW
COMPANY REG NO. 04920552
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
