On Sat, Dec 25, 2010 at 04:04:59PM -0700, Dave George wrote:
My server is being attacked all day and fail2ban is not stopping the
attack. I updated timestamp to match fail2ban requirements.
How about posting your fail2ban config?
--
Daniel Tryba
--
Subject: Re: [asterisk-users] sip attack.. fail2ban not stopping attack
On 27/12/2010 16:20, dave george wrote:
[...]
[Definition]
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named host. The tag <HOST> can
# be used for standard
Simply to reduce the attack, and then improve the defense:
If you don't need traffic from some area that is attacking you, just put the
whole area in IPTables. A list is available on VOIP-INFO.org.
Cull out what you want to allow.
Then tune Fail2Ban at your leisure.
Cary Fitch
--
With asterisk 1.8+ it should be:
failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for
On Mon, Dec 27, 2010 at 10:20:13AM -0500, dave george wrote:
[snip fail2ban config]
Well, all looks fine. Your filter is correct. Your message log is also in the
correct format. You can test this with:
fail2ban-regex /var/log/asterisk/messages /etc/fail2ban/filter.d/asterisk.conf
So is fail2ban
My server is being attacked all day and fail2ban is not stopping the
attack. I updated timestamp to match fail2ban requirements.
[2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
handle_request_register: Registration from '7002 sip:7...@x.x.x.x'
failed for '38.108.40.94' - No matching peer
Make sure you have
dateformat=%F %T
in logger.conf
On Sun, Dec 26, 2010 at 1:04 AM, Dave George dgeo...@teletoneinc.com wrote:
My server is being attacked all day and fail2ban is not stopping the
attack. I updated timestamp to match fail2ban requirements.
[2010-12-25 18:54:34]
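Added example (not part of any post in this thread, and not fail2ban's own code): a Python check that runs the two complete failregex lines quoted above against log lines and, separately, tests whether each line carries the timestamp that dateformat=%F %T produces. The <HOST> expansion is a simplified assumption, the timestamp test is only a format check, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion is more permissive and depends on the fail2ban version).
HOST = r"(?P<host>[\w.\-]+)"

# The two complete failregex lines quoted in the thread for Asterisk 1.8+.
FAILREGEX = [
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found",
]
COMPILED = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]

# Timestamp as written by Asterisk with dateformat=%F %T in logger.conf.
STAMP = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")

def check_line(line):
    """Return (matched host or None, timestamp_ok) for one log line."""
    host = None
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            host = m.group("host")
            break
    ok = False
    stamp = STAMP.match(line)
    if stamp:
        try:
            datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
            ok = True
        except ValueError:
            pass  # right shape, impossible date
    return host, ok

# Constructed sample lines (documentation addresses, not taken from the thread).
PREFIX = "NOTICE[15415]: chan_sip.c:21830 handle_request_register: "
SAMPLE = [
    "[2010-12-25 18:54:34] " + PREFIX + "Registration from '7002 <sip:7002@192.0.2.10>' failed for '198.51.100.7' - No matching peer found",
    "[2010-12-25 18:54:35] " + PREFIX + "Registration from '7003 <sip:7003@192.0.2.10>' failed for '198.51.100.7:5060' - Wrong password",
    "[Dec 25 18:54:36] " + PREFIX + "Registration from '7004 <sip:7004@192.0.2.10>' failed for '203.0.113.9' - Wrong password",
    "[2010-12-25 18:54:37] NOTICE[15415]: chan_sip.c:12345 handle_response_peerpoke: Peer '7001' is now Reachable",
]

if __name__ == "__main__":
    for line in SAMPLE:
        host, ok = check_line(line)
        print(f"host={host!s:<14} timestamp_ok={ok}  {line[:32]}")
```

The third sample line matches the failregex but fails the timestamp check, which is the case the dateformat advice addresses: a correct filter is not enough if the log's date is not in the expected form.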