Hello Lonnie,

Thursday, September 25, 2014, 8:55:17 PM, you wrote:

...
> Would it be possible to capture a SIP packet for each of these cases? For
> example:
> --
> ngrep -d eth0 -qt -W byline port 5060
> --
> or possibly redirected to a file for a few minutes and you can then
> ^C and look through the file for matches to your Asterisk logs to
> identify it. That would really help, your public IP address would
> need to be obscured, feel free to show the bad guys IP :-) Only one example
> for each case is needed.

Sure - this bad guy is coming at night. Need to find a solution to get started and getting the trace in the morning...
I'll send the trace off-list - if that's alright.

...
> If you must listen to a common SIP port and allow any IP address,
> you may be able to "whitelist" a set of User-Agent's or at least
> minimally blacklist the common bad ones.

Indeed - that's an interesting plugin.

...
> Lonnie

Regards,
Armin.

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
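Added example, not part of the original thread: one way to go through an overnight capture file written by the `ngrep -d eth0 -qt -W byline port 5060` command quoted above and list, per source IP, the SIP requests whose User-Agent is not on an allowlist, so they can be matched against the Asterisk logs by timestamp. The capture layout, the sample packets, the addresses and the `ALLOWED_PREFIXES` allowlist are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout assumed for `ngrep -qt -W byline` output:
# one "U <date> <time> <src>:<port> -> <dst>:<port>" line per packet, then the
# payload with each CR shown as a trailing ".". Addresses are documentation ranges.
SAMPLE = """\
U 2014/09/25 02:13:07.101010 203.0.113.50:5071 -> 192.0.2.10:5060
REGISTER sip:192.0.2.10 SIP/2.0.
Via: SIP/2.0/UDP 203.0.113.50:5071;branch=z9hG4bK-1.
User-Agent: example-scanner.
.

U 2014/09/25 02:13:09.202020 198.51.100.7:5060 -> 192.0.2.10:5060
INVITE sip:100@192.0.2.10 SIP/2.0.
User-Agent: ExamplePhone 1.2.
.

U 2014/09/25 02:13:10.303030 203.0.113.50:5071 -> 192.0.2.10:5060
OPTIONS sip:192.0.2.10 SIP/2.0.
.
"""

HEADER = re.compile(r"^[UT] (\S+ \S+) (\S+):(\d+) -> (\S+):(\d+)")
REQUEST = re.compile(r"^([A-Z]+) sip:\S+ SIP/2\.0")
ALLOWED_PREFIXES = ("ExamplePhone",)  # hypothetical allowlist of known phones

def parse_packets(text):
    """Split the capture into packets with time, source IP, method, User-Agent."""
    packets, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"time": m.group(1), "src": m.group(2),
                   "method": None, "user_agent": None}
            packets.append(cur)
            continue
        if cur is None:
            continue
        line = line[:-1] if line.endswith(".") else line  # drop the rendered CR
        req = REQUEST.match(line)
        if req and cur["method"] is None:
            cur["method"] = req.group(1)
        elif line.lower().startswith("user-agent:"):
            cur["user_agent"] = line.split(":", 1)[1].strip()
    return packets

def unlisted_sources(packets, allowed=ALLOWED_PREFIXES):
    """Map source IP -> requests whose User-Agent is missing or not allowlisted."""
    hits = defaultdict(list)
    for p in packets:
        ua = p["user_agent"]
        if p["method"] and not (ua and ua.startswith(allowed)):
            hits[p["src"]].append((p["time"], p["method"], ua or "<missing>"))
    return dict(hits)
```

A request with no User-Agent header at all is reported as `<missing>` rather than skipped, since an allowlist would reject it as well.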