> > > I see MANY of these in my log files: > > > [Jan 15 03:06:12] NOTICE[14129] chan_sip.c: Registration from '"202" > <sip:202@X:5060>' failed for '37.8.12.147:26832' - Wrong password > [Jan 15 03:06:19] NOTICE[14129] chan_sip.c: Registration from '"5001" > <sip:5001@X:5060>' failed for '37.8.12.147:21268' - Wrong password > [Jan 15 03:06:23] NOTICE[14129] chan_sip.c: Registration from '"30" > <sip:30@X:5060>' failed for '37.8.12.147:21270' - Wrong password > [Jan 15 03:06:48] NOTICE[14129] chan_sip.c: Registration from '"70" > <sip:70@X:5060>' failed for '37.8.12.147:21328' - Wrong password > [Jan 15 03:06:50] NOTICE[14129][C-00000085] chan_sip.c: Call from '' ( > 8.33.7.110:5103) to extension '889011972592735467' rejected because > extension not found in context 'default'. > [Jan 15 03:06:56] NOTICE[14129] chan_sip.c: Registration from '"4" > <sip:4@X:5060>' > failed for '37.8.12.147:21272' - Wrong password > [Jan 15 03:07:11] NOTICE[14129] chan_sip.c: Registration from '"12001" > <sip:12001@X:5060>' failed for '37.8.12.147:5060' - Wrong password > [Jan 15 03:34:02] NOTICE[14129][C-00000086] chan_sip.c: Call from '' ( > 172.246.236.90:5078) to extension '8889011972595301123' rejected because > extension not found in context 'default'. > > What is the "correct" way to block these idiots so they > don't even get this far. > > Thanks, > > Jerry
At this past year's AstriCon there was a series of security talks that covered fail2ban and best practices. You can view the playlist of videos on YouTube. The content should be helpful for you: https://www.youtube.com/playlist?list=PLighc-2vlRgT3DhE9DkIgSmpUX6v2AtYo Links to the playlists are also on asterisk.org: http://www.asterisk.org/community/astricon-user-conference/video-archive Cheers, Billy Chia
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users