Re: [asterisk-users] Interesting attack tonight fail2ban them

2011-12-29 Thread Mikhail Lischuk
Jeroen Eeuwes wrote on 29.12.2011 07:29: Probably my understanding is limited, but it seems to me that they have already 'access' to your Asterisk for them to be able to try to make outgoing calls. Wouldn't it be better to make sure they get the usual errors like Registration from failed -

Re: [asterisk-users] Interesting attack tonight fail2ban them

2011-12-29 Thread Michelle Dupuis
From: asterisk-users-boun...@lists.digium.com [asterisk-users-boun...@lists.digium.com] On Behalf Of Mikhail Lischuk [mlisc...@itx.com.ua] Sent: Thursday, December 29, 2011 4:14 AM To: Asterisk Users List Subject: Re: [asterisk-users] Interesting attack tonight fail2ban

Re: [asterisk-users] Interesting attack tonight fail2ban them

2011-12-29 Thread Bruce B
From: asterisk-users-boun...@lists.digium.com [asterisk-users-boun...@lists.digium.com] On Behalf Of Mikhail Lischuk [mlisc...@itx.com.ua] Sent: Thursday, December 29, 2011 4:14 AM To: Asterisk Users List Subject: Re: [asterisk-users] Interesting attack tonight

Re: [asterisk-users] Interesting attack tonight fail2ban them

2011-12-29 Thread Jeroen Eeuwes
Hi Michelle, 1. I checked the log and I don't see any registration attempt, so I *assume* they simply send an invite, and so they are in the external/outside context of my dialplan. So they are trying to reach extensions which don't exist. If they successfully registered they would be on the

Re: [asterisk-users] Interesting attack tonight fail2ban them

2011-12-28 Thread Michelle Dupuis
...@lists.digium.com] On Behalf Of Andrew Furey [andrew.fu...@gmail.com] Sent: Wednesday, December 28, 2011 11:37 PM To: Asterisk Users List Subject: Re: [asterisk-users] Interesting attack tonight fail2ban them On 29 December 2011 12:07, Michelle Dupuis mdup...@ocg.ca wrote: I thought that it might be worth

[asterisk-users] Interesting attack tonight fail2ban them

2011-12-28 Thread Michelle Dupuis
I happened to be in the cli tonight as someone (208.122.57.58) initiated a simple attack - just trying to make long distance calls from outside context. Although harmless, this went on for several minutes as the idiot just used up my bandwidth with SIP messages. Here's an example: [2011-12-28

Re: [asterisk-users] Interesting attack tonight fail2ban them

2011-12-28 Thread Michelle Dupuis
] On Behalf Of Carlos Rojas [crt.ro...@gmail.com] Sent: Wednesday, December 28, 2011 11:11 PM To: Asterisk Users List Subject: Re: [asterisk-users] Interesting attack tonight fail2ban them Hello, Do you set up your logrotate in /etc/asterisk? Do you test that your fail2ban works fine? Regards

Re: [asterisk-users] Interesting attack tonight fail2ban them

2011-12-28 Thread Andrew Furey
On 29 December 2011 12:07, Michelle Dupuis mdup...@ocg.ca wrote: I thought that it might be worth adding a line to my fail2ban filter, but am looking for a hand with the regex.  I have come up with:     NOTICE.* .*: Call from '' to extension '.*' rejected because extension not found

Re: [asterisk-users] Interesting attack tonight fail2ban them

2011-12-28 Thread Carlos Rojas
Hello, Do you set up your logrotate in /etc/asterisk? Do you test that your fail2ban works fine? Regards On Wed, Dec 28, 2011 at 11:07 PM, Michelle Dupuis mdup...@ocg.ca wrote: I happened to be in the cli tonight as someone (208.122.57.58) initiated a simple attack - just trying to make long

Re: [asterisk-users] Interesting attack tonight fail2ban them

2011-12-28 Thread Jeroen Eeuwes
Hi Michelle, I just realized there is no IP (host) in the message line, so no way for fail2ban to catch it. Probably my understanding is limited, but it seems to me that they have already 'access' to your Asterisk for them to be able to try to make outgoing calls. Wouldn't it be better to

Re: [asterisk-users] Interesting attack tonight fail2ban them

2011-12-28 Thread Bruce B
You mentioned the IP, 208.122.57.58, where did you get that from? Following are the defaults for Asterisk 1.8 (It would be great to have others' input on this to strengthen this part of the filter): failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password