On 26.09.2014 at 11:18, Armin Tüting <armin.tuet...@tueting-online.com> wrote:
> Hello Lonnie,
>
> Thursday, September 25, 2014, 8:55:17 PM, you wrote:
>
> ...
>
>> Would it be possible to capture a SIP packet for each of these cases? For
>> example:
>> --
>> ngrep -d eth0 -qt -W byline port 5060
>> --
>> or possibly redirected to a file for a few minutes and you can then
>> ^C and look through the file for matches to your Asterisk logs to
>> identify it. That would really help, your public IP address would
>> need to be obscured, feel free to show the bad guy's IP :-) Only one example
>> for each case is needed.
> Sure - this bad guy is coming at night. Need to find a solution to
> get started and getting the trace in the morning...
> I'll send the trace off-list - if that's alright.
>
> ...
>
>> If you must listen to a common SIP port and allow any IP address,
>> you may be able to "whitelist" a set of User-Agents or at least
>> minimally blacklist the common bad ones.
> Indeed - that's an interesting plugin.
>
> ...
>
>> Lonnie
> Regards,
> Armin.

Armin,

you could first run "screen" in a CLI on AstLinux and then start ngrep:

ngrep -d eth0 -qt -W byline port 5060 -O outputfile.txt

then detach from screen: "Ctrl-a, d" and let it run in the background over the night.
The next day you could inspect the outputfile and reattach to screen with "screen -r" and stop it.

Michael

http://www.mksolutions.info

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
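
An added example, not part of the original thread: a shell function that summarises a text capture saved from the ngrep command above by source IP, SIP method and User-Agent, and marks agents outside an allow-list, as a first triage step before whitelisting or blacklisting User-Agents. The function names, the allow-list format and the sample capture are constructed for illustration, and the ngrep header layout is assumed as described in the comments.

```shell
# Added example: count SIP requests per source IP, method and User-Agent
# in text output saved from "ngrep -d eth0 -qt -W byline port 5060".
# Assumed layout: header "U <date> <time> SRC:PORT -> DST:PORT", then the
# SIP message with each line's CR printed as a trailing ".".

sip_ua_summary() {
    # $1 = capture file, $2 = allowed User-Agent prefixes separated by "|"
    awk -v allow="$2" '
        function tally(   i, tag) {
            if (src == "" || method == "") return   # nothing yet, or a SIP response
            tag = "UNLISTED"
            for (i = 1; i <= n; i++)
                if (ok[i] != "" && index(ua, ok[i]) == 1) tag = "allowed"
            count[tag " " src " " method " " (ua == "" ? "(none)" : ua)]++
        }
        BEGIN { n = split(allow, ok, "|") }
        ($1 == "U" || $1 == "T") && $5 == "->" {    # ngrep packet header line
            tally(); src = $4; sub(/:[0-9]+$/, "", src)
            method = ""; ua = ""; first = 1; next
        }
        first && $1 ~ /^[A-Z]+$/ && $3 ~ /^SIP\/2\.0/ { method = $1 }
        NF { first = 0 }
        tolower($0) ~ /^user-agent[ \t]*:/ {
            ua = $0; sub(/^[^:]*:[ \t]*/, "", ua); sub(/\.$/, "", ua)
        }
        END { tally(); for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr
}

# Constructed sample capture (documentation addresses, made-up agent names).
sample_capture() {
    cat <<'EOF'
U 2014/09/26 02:13:45.100000 203.0.113.5:5071 -> 192.0.2.10:5060
REGISTER sip:192.0.2.10 SIP/2.0.
User-Agent: example-scanner 1.0.

U 2014/09/26 02:13:45.200000 192.0.2.10:5060 -> 203.0.113.5:5071
SIP/2.0 401 Unauthorized.

U 2014/09/26 02:13:46.100000 203.0.113.5:5071 -> 192.0.2.10:5060
REGISTER sip:192.0.2.10 SIP/2.0.
User-Agent: example-scanner 1.0.

U 2014/09/26 08:30:02.000000 198.51.100.7:5060 -> 192.0.2.10:5060
INVITE sip:100@192.0.2.10 SIP/2.0.
User-Agent: ExamplePhone 2.1.
EOF
}

if [ -n "${1:-}" ]; then sip_ua_summary "$1" "${2:-}"; fi
```

ngrep's -O option writes a pcap dump rather than text, so for this function redirect the text output to a file instead, or replay the dump through ngrep with -I.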