On 01/08/2015 11:37 PM, ricky gutierrez wrote: > Hi list , someone on the list has seen this type of connection > attempts in asterisk, fail2ban does not stop > > 2015-01-08 14:59:47] SECURITY[21515] res_security_log.c: > SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:[email protected]",SessionID="0x169f528",LocalAddress="IPV4/UDP/173.230.133.20/5060",RemoteAddress="IPV4/UDP/63.141.229.58/5078",Challenge="770e84a3" > [2015-01-08 15:20:20] SECURITY[21515] res_security_log.c: > SecurityEvent="ChallengeSent",EventTV="1420752020-854997",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:[email protected]",SessionID="0x169f528",LocalAddress="IPV4/UDP/173.230.133.20/5060",RemoteAddress="IPV4/UDP/198.204.241.58/5074",Challenge="23965594" > > > I modified the fail2ban with the filter, but still not detected
Do you really want to detect "ChallengeSent"? That should occur also on legitimate login processes... -S -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface
smime.p7s
Description: S/MIME Cryptographic Signature
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
