I see MANY of these in my log files:
[Jan 15 03:06:12] NOTICE[14129] chan_sip.c: Registration from '202
sip:202@X:5060' failed for '37.8.12.147:26832' - Wrong password
[Jan 15 03:06:19] NOTICE[14129] chan_sip.c: Registration from '5001
sip:5001@X:5060' failed for '37.8.12.147:21268' - Wrong password
[Jan 15 03:06:23] NOTICE[14129] chan_sip.c: Registration from '30
sip:30@X:5060' failed for '37.8.12.147:21270' - Wrong password
[Jan 15 03:06:48] NOTICE[14129] chan_sip.c: Registration from '70
sip:70@X:5060' failed for '37.8.12.147:21328' - Wrong password
[Jan 15 03:06:50] NOTICE[14129][C-0085] chan_sip.c: Call from '' (
8.33.7.110:5103) to extension '889011972592735467' rejected because
extension not found in context 'default'.
[Jan 15 03:06:56] NOTICE[14129] chan_sip.c: Registration from '4
sip:4@X:5060'
failed for '37.8.12.147:21272' - Wrong password
[Jan 15 03:07:11] NOTICE[14129] chan_sip.c: Registration from '12001
sip:12001@X:5060' failed for '37.8.12.147:5060' - Wrong password
[Jan 15 03:34:02] NOTICE[14129][C-0086] chan_sip.c: Call from '' (
172.246.236.90:5078) to extension '8889011972595301123' rejected because
extension not found in context 'default'.
What is the correct way to block these idiots so they
don't even get this far.
Thanks,
Jerry
At this past year's AstriCon there was a series of security talks that
covered fail2ban and best practices. You can view the playlist of videos on
YouTube. The content should be helpful for you:
https://www.youtube.com/playlist?list=PLighc-2vlRgT3DhE9DkIgSmpUX6v2AtYo
Links to the playlists are also on asterisk.org:
http://www.asterisk.org/community/astricon-user-conference/video-archive
Cheers,
Billy Chia
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users