[asterisk-users] Decoding SIP register hack

2018-05-17 Thread sean darcy
I need some help understanding SIP dialog. Some actor is trying to access my server, but I can't figure out what he's trying to do ,or how. I'm getting a lot of these warnings. [May 17 10:08:08] WARNING[1532]: chan_sip.c:4068 retrans_pkt: Retransmission timeout reached on transmission _zIr9tD

Re: [asterisk-users] Decoding SIP register hack

2018-05-17 Thread Frank Vanoni
On Thu, 2018-05-17 at 11:18 -0400, sean darcy wrote: > 3. How do I set up the server to block these ? > > 4. Can I stop the retransmitting of the 401 Unauthorized packets ? I'm happy with Fail2Ban protecting my Asterisk 13. Here is my configuration: in /etc/asterisk/logger.conf: messages => se

Re: [asterisk-users] Decoding SIP register hack

2018-05-17 Thread sean darcy
On 05/17/2018 11:38 AM, Frank Vanoni wrote: On Thu, 2018-05-17 at 11:18 -0400, sean darcy wrote: 3. How do I set up the server to block these ? 4. Can I stop the retransmitting of the 401 Unauthorized packets ? I'm happy with Fail2Ban protecting my Asterisk 13. Here is my configuration: in

Re: [asterisk-users] SIP Codec negotiation

2018-05-17 Thread Steve Edwards
On Fri, May 11, 2018, at 10:36 AM, Steve Edwards wrote: So, Asterisk will defer it's choice of codec to match the codec it detects in the incoming stream? On Fri, 11 May 2018, Joshua Colp wrote: It depends on the channel driver and configuration. The chan_sip module always matching outgoing

[asterisk-users] AMI status events with res_fax_spandsp.so

2018-05-17 Thread Steven Wheeler
Is anyone else using the AMI with res_fax_spandsp.so for real-time status? I am working on migrating a FAX application from res_fax_digium.so to res_fax_spandsp.so. I have noticed that the spandsp module generates far fewer AMI status events than the Digium module and the generated events contai

Re: [asterisk-users] Decoding SIP register hack

2018-05-17 Thread Daniel Tryba
On Thu, May 17, 2018 at 12:27:17PM -0400, sean darcy wrote: > > WARNING.* .*: fail2ban='' > > > ># Option:  ignoreregex > ># Notes.:  regex to ignore. If this regex matches, the line is ignored. > ># Values:  TEXT > ># > >ignoreregex = > > > > > Thanks. Very useful as a tutorial for fai

Re: [asterisk-users] Decoding SIP register hack

2018-05-17 Thread Steve Edwards
On Thu, 17 May 2018, Daniel Tryba wrote: You can do nothing to stop this kind of traffic. The only thing you can do is block it, either using only a whitelist (cumbersome) or generate a blacklist with for example fail2ban or a more elaborate honeypot setup. Or setup a proxy that will filter pa

Re: [asterisk-users] Decoding SIP register hack

2018-05-17 Thread sean darcy
On 05/17/2018 04:47 PM, Daniel Tryba wrote: On Thu, May 17, 2018 at 12:27:17PM -0400, sean darcy wrote: WARNING.* .*: fail2ban='' # Option:  ignoreregex # Notes.:  regex to ignore. If this regex matches, the line is ignored. # Values:  TEXT # ignoreregex = Thanks. Very useful