Re: [Astlinux-users] Enhancement for Adaptive Ban

2014-09-25 Thread Lonnie Abelbeck
Armin, It would be easy enough for us to add the "Not a local domain" match for the adaptive ban, our only concern is to make sure this isn't a common misconfiguration case and cause more problems than it helps. Would it be possible to capture a SIP packet for each of these cases? For exampl

Re: [Astlinux-users] Enhancement for Adaptive Ban

2014-09-25 Thread Armin Tüting
> Hi Armin,

Hi Lonnie,

> 1) Your first "Failed to authenticate device" can't be banned since there is
> no "real" IP address logged, only what is in the sip: header, which can't be
> trusted.

Ok - what other options are available.

...

> Are you seeing this from bad guys? Or could this be a mi

Re: [Astlinux-users] Enhancement for Adaptive Ban

2014-09-25 Thread Lonnie Abelbeck
Hi Armin,

1) Your first "Failed to authenticate device" can't be banned since there is no "real" IP address logged, only what is in the sip: header, which can't be trusted.

2) Your second "Not a local domain" could be banned, as this occurs with a common class of registration errors in Asteris

[Astlinux-users] Enhancement for Adaptive Ban

2014-09-25 Thread Armin Tüting
Hello, could we get additional rules added to Adaptive Ban so that these two would match

> Sep 24 22:10:48 astlinux local0.notice asterisk[14935]:
> NOTICE[14958][C-004d]: chan_sip.c:25639 in
> handle_request_invite: Failed to authenticate