Re: [asterisk-users] Interesting attack tonight & fail2ban them

2011-12-29 Thread Jeroen Eeuwes
Hi Michelle, > 1. I checked the log and I don't see any registration attempt, so I *assume* > they simply send an invite, and so they are in the external/outside context > of my dialplan.  So they are trying to reach extensions which don't exist. > If they successfully registered they would be on t

Re: [asterisk-users] Interesting attack tonight & fail2ban them

2011-12-29 Thread Bruce B
com.ua] > *Sent:* Thursday, December 29, 2011 4:14 AM > > *To:* Asterisk Users List > *Subject:* Re: [asterisk-users] Interesting attack tonight & fail2ban them > > Jeroen Eeuwes wrote 29.12.2011 07:29: > > > > Probably my understanding is limited, but it

Re: [asterisk-users] Interesting attack tonight & fail2ban them

2011-12-29 Thread Michelle Dupuis
nd let fail2ban takeover from there. Thanks From: asterisk-users-boun...@lists.digium.com [asterisk-users-boun...@lists.digium.com] On Behalf Of Mikhail Lischuk [mlisc...@itx.com.ua] Sent: Thursday, December 29, 2011 4:14 AM To: Asterisk Users List Subject: Re

Re: [asterisk-users] Interesting attack tonight & fail2ban them

2011-12-29 Thread Mikhail Lischuk
Jeroen Eeuwes wrote 29.12.2011 07:29: > Probably my understanding is limited, but it seems to me that they > have already 'access' to your Asterisk for them to be able to try to > make outgoing calls. Wouldn't it be better to make sure they get the > "usual" errors like "Registration from fail

Re: [asterisk-users] Interesting attack tonight & fail2ban them

2011-12-28 Thread Bruce B
You mentioned the IP, 208.122.57.58, where did you get that from? Following are the defaults for Asterisk 1.8 (It would be great to have others' input on this to strengthen this part of the filter): failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password Registra

Re: [asterisk-users] Interesting attack tonight & fail2ban them

2011-12-28 Thread Jeroen Eeuwes
Hi Michelle, > I just realized there is no IP (host) in the message line, so no way for > fail2ban to catch it. Probably my understanding is limited, but it seems to me that they have already 'access' to your Asterisk for them to be able to try to make outgoing calls. Wouldn't it be better to ma

Re: [asterisk-users] Interesting attack tonight & fail2ban them

2011-12-28 Thread Michelle Dupuis
...@lists.digium.com] On Behalf Of Andrew Furey [andrew.fu...@gmail.com] Sent: Wednesday, December 28, 2011 11:37 PM To: Asterisk Users List Subject: Re: [asterisk-users] Interesting attack tonight & fail2ban them On 29 December 2011 12:07, Michelle Dupuis wrote: > I thought that it might be worth adding a

Re: [asterisk-users] Interesting attack tonight & fail2ban them

2011-12-28 Thread Andrew Furey
On 29 December 2011 12:07, Michelle Dupuis wrote: > I thought that it might be worth adding a line to my fail2ban filter, but am > looking for a hand with the regex.  I have come up with: >     NOTICE.* .*: Call from '' to extension '.*' rejected because > extension not found > > but I rea

Re: [asterisk-users] Interesting attack tonight & fail2ban them

2011-12-28 Thread Michelle Dupuis
risk-users-boun...@lists.digium.com] On Behalf Of Carlos Rojas [crt.ro...@gmail.com] Sent: Wednesday, December 28, 2011 11:11 PM To: Asterisk Users List Subject: Re: [asterisk-users] Interesting attack tonight & fail2ban them Hello, Do you set up your logrotate in /etc/asterisk? Do you test that your

Re: [asterisk-users] Interesting attack tonight & fail2ban them

2011-12-28 Thread Carlos Rojas
Hello, Do you set up your logrotate in /etc/asterisk? Do you test that your fail2ban works fine? Regards On Wed, Dec 28, 2011 at 11:07 PM, Michelle Dupuis wrote: > I happened to be in the cli tonight as some (208.122.57.58) initiated a > simple attack - just trying to make long distance call

[asterisk-users] Interesting attack tonight & fail2ban them

2011-12-28 Thread Michelle Dupuis
I happened to be in the cli tonight as some (208.122.57.58) initiated a simple attack - just trying to make long distance calls from outside context. Although harmless, this went on for several minutes as the idiot just used up my bandwidth with SIP messages. Here's an example: [2011-12-28 2