Hi Armin,

1) Your first "Failed to authenticate device" can't be banned since there is no 
"real" IP address logged, only what is in the sip: header, which can't be 
trusted.

2) Your second "Not a local domain" could be banned, as this occurs with a 
common class of registration errors in Asterisk logging the "real" IP address.

From the Asterisk code, it seems this comes when the domain is empty with 
<sip:name@[EMPTY]>

Are you seeing this from bad guys?  Or could this be a misconfigured client?

Lonnie




On Sep 25, 2014, at 11:05 AM, Armin Tüting <armin.tuet...@tueting-online.com> 
wrote:

> Hello,
> 
> could we get additional rules added to Adaptive Ban so that these
> two would match
>> Sep 24 22:10:48 astlinux local0.notice asterisk[14935]:
>> NOTICE[14958][C-0000004d]: chan_sip.c:25639 in
>> handle_request_invite: Failed to authenticate device
>> 102<sip:1...@xx.xx.xx.xx>;tag=f4a83a1e
>> Sep 24 22:21:04 astlinux local0.notice asterisk[14935]:
>> NOTICE[14958]: chan_sip.c:28172 in handle_request_register:
>> Registration from '"2010" <sip:2...@yy.yy.yy.yy:5060>' failed
>> for 'YY.YY.YY.YY:5061' - Not a local domain
> 
> Regards,
> Armin.


_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.
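
Added example (not part of the thread and not AstLinux's Adaptive Ban code): a Python sketch of the distinction made in the reply, taking a ban address only from the `failed for '...'` field that Asterisk fills from the packet source and never from the `sip:` header. The function names, the threshold of 3 and the sample lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Greedy ".*" plus the "$" anchor bind the match to the LAST "failed for"
# field on the line, the one Asterisk writes from the packet's source address.
REGISTER_FAILED = re.compile(
    r"handle_request_register: Registration from '.*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)
BANNABLE_REASONS = {"Not a local domain"}  # the reason discussed in the thread


def source_ip(line):
    """Return the logged source IP of a bannable REGISTER failure, else None."""
    # Collapse runs of spaces so re-wrapped or justified log text still matches.
    m = REGISTER_FAILED.search(" ".join(line.split()))
    if not m or m.group("reason") not in BANNABLE_REASONS:
        return None  # e.g. "Failed to authenticate device": only a sip: header
    try:
        return str(ipaddress.ip_address(m.group("ip")))
    except ValueError:
        return None  # octets out of range: not a usable address


def ban_candidates(lines, threshold=3):
    """Source IPs with at least `threshold` bannable failures (assumed policy)."""
    hits = Counter(ip for ip in map(source_ip, lines) if ip)
    return sorted(ip for ip, n in hits.items() if n >= threshold)


# Constructed sample input modelled on the two NOTICE formats quoted above.
PREFIX = ("Sep 24 22:21:04 astlinux local0.notice asterisk[14935]: "
          "NOTICE[14958]: chan_sip.c:28172 in handle_request_register: ")
SAMPLE = [
    "Sep 24 22:10:48 astlinux local0.notice asterisk[14935]: "
    "NOTICE[14958][C-0000004d]: chan_sip.c:25639 in handle_request_invite: "
    "Failed to authenticate device 102<sip:102@192.0.2.10>;tag=f4a83a1e",
] + [
    # The From header names 192.0.2.10; the packet came from 203.0.113.9.
    PREFIX + "Registration from '\"2010\" <sip:2010@192.0.2.10:5060>' "
             "failed for '203.0.113.9:5061' - Not a local domain"
] * 3

if __name__ == "__main__":
    print(ban_candidates(SAMPLE))
```

The address inside the From header (192.0.2.10 in the sample) never becomes a ban candidate, so a forged header cannot be used to get a third party blocked.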