On 30 October 2010 19:28, Zeeshan Zakaria <zisha...@gmail.com> wrote:
> My main asterisk server is under unusual heavy attack, and so far Fail2Ban > has blocked about 30 IPs, from various different countries. At this time it > is blocking about 1 IP address every few minutes. > > Just wondering if anybody else is also experiencing unusually increased > hack attempts today? > > Zeeshan A Zakaria > > -- > www.ilovetovoip.com > www.pbxforall.com (beta) > Good Morning. Certainly some kind of very slow DDOS attack. I'm blocking at IPTABLES level. Strange thing is even after I DROP the REGISTER attempts they keep on trying which is unusual. We have a number of Asterisk & Kamailio boxes on the same subnet and it's only targeting 1 Asterisk box. IP's so far if anyone wants to block them before they start on your SIP device: 2010-10-30 18:20:19,023 213.6.233.51 2010-10-30 18:29:41,251 124.122.224.110 2010-10-30 18:29:53,296 41.178.183.80 2010-10-30 18:30:06,047 118.71.80.236 2010-10-30 18:35:05,356 93.181.206.84 2010-10-30 18:35:17,588 207.226.53.120 2010-10-30 18:35:19,995 151.15.169.144 2010-10-30 19:09:35,223 41.133.218.95 2010-10-30 19:10:37,108 125.165.185.126 2010-10-30 19:10:54,011 196.221.74.86 2010-10-30 19:11:06,779 58.8.51.183 2010-10-30 19:11:09,739 111.125.76.79 2010-10-30 19:12:29,671 189.224.23.133 2010-10-30 19:15:28,303 62.87.81.138 2010-10-30 19:17:44,548 118.96.68.202 2010-10-30 19:19:39,432 178.137.18.176 2010-10-30 19:20:59,923 109.197.85.84 2010-10-30 19:22:41,063 91.187.103.33 2010-10-30 19:24:57,283 79.191.64.68 2010-10-30 19:29:39,523 189.19.36.241 2010-10-30 19:33:19,096 85.97.235.244 2010-10-30 19:40:51,324 145.236.187.148 2010-10-30 19:43:02,567 196.217.233.120 2010-10-30 19:47:46,323 145.236.184.134 2010-10-30 19:54:07,564 186.89.189.218 2010-10-30 19:54:51,155 178.154.93.136 2010-10-30 20:01:32,615 187.126.9.46 2010-10-30 20:01:53,215 92.253.28.116 2010-10-30 20:02:31,448 41.218.245.63 2010-10-30 20:05:24,203 85.104.3.147 2010-10-30 20:06:40,431 93.116.63.10 2010-10-30 20:09:00,668 151.15.165.59 2010-10-30 20:09:13,907 95.132.177.3 2010-10-30 20:09:52,135 187.17.185.1 2010-10-30 20:11:46,719 88.230.199.132 2010-10-30 20:22:10,947 86.34.8.194 2010-10-30 20:23:10,176 109.96.12.119 2010-10-30 20:23:18,336 201.240.127.189 2010-10-30 20:25:56,932 92.84.117.146 2010-10-30 20:26:26,155 88.227.121.14 2010-10-30 20:37:26,400 189.7.19.95 2010-10-30 20:37:33,024 41.236.166.150 2010-10-30 20:39:26,968 118.96.218.199 2010-10-30 20:44:27,968 41.232.67.66 2010-10-30 20:48:48,715 41.189.55.21 2010-10-30 20:52:12,431 189.15.98.140 2010-10-30 20:54:51,031 189.70.167.100 2010-10-30 20:55:42,639 189.15.99.161 2010-10-30 20:56:19,243 41.189.53.202 2010-10-30 20:58:24,979 41.189.54.61 2010-10-30 20:58:49,720 79.112.136.182 2010-10-30 20:59:40,959 41.189.55.3 2010-10-30 21:06:31,700 180.214.232.20 2010-10-30 21:10:27,811 189.23.61.5 2010-10-30 21:15:42,452 118.96.106.229 2010-10-30 21:34:23,343 93.146.195.166 2010-10-30 21:42:25,575 190.172.152.53 2010-10-30 21:43:10,184 94.141.68.62 2010-10-30 23:03:41,419 78.176.225.22 2010-10-30 23:46:20,651 76.116.250.237 2010-10-30 23:49:53,023 188.52.97.82 2010-10-30 23:52:02,279 78.167.12.19 2010-10-31 00:02:12,511 200.220.209.204 2010-10-31 00:11:01,491 41.205.112.90 2010-10-31 00:13:20,399 187.74.15.7 2010-10-31 00:13:36,963 201.42.156.126 2010-10-31 00:16:00,563 41.238.170.22 2010-10-31 00:26:21,299 62.248.47.86 2010-10-31 00:34:34,524 93.116.228.188 2010-10-31 00:41:35,760 110.32.149.227 2010-10-31 00:46:44,755 81.6.90.142 2010-10-31 00:50:50,995 78.162.174.78 2010-10-31 00:58:23,220 123.23.243.19 2010-10-31 00:59:01,476 119.42.83.249 2010-10-31 01:04:01,403 112.201.240.119 2010-10-31 01:15:13,300 190.233.197.248 2010-10-31 01:18:14,979 189.110.116.97 2010-10-31 01:19:07,572 113.162.96.205 2010-10-31 01:23:30,527 178.210.133.205 2010-10-31 01:32:22,339 151.15.175.8 2010-10-31 01:51:35,576 178.53.139.232 2010-10-31 02:00:01,131 85.104.94.215 2010-10-31 02:00:02,403 123.27.9.4 2010-10-31 02:00:03,281 118.137.89.66 2010-10-31 02:00:04,184 113.170.140.8 2010-10-31 02:07:17,011 125.185.5.19 2010-10-31 02:15:02,887 123.17.204.125 2010-10-31 02:22:27,803 81.192.211.208 2010-10-31 02:25:47,031 118.96.176.53 2010-10-31 02:35:08,059 113.169.105.142 2010-10-31 02:47:15,984 222.253.242.237 2010-10-31 02:52:05,876 99.229.149.67 2010-10-31 06:25:08,147 187.74.15.7 2010-10-31 06:25:08,764 112.201.240.119 2010-10-31 06:25:09,781 93.116.228.188 2010-10-31 06:25:10,084 188.52.97.82 2010-10-31 06:25:14,303 118.137.89.66 2010-10-31 06:25:27,251 201.42.156.126 2010-10-31 06:36:19,591 188.53.35.208 2010-10-31 07:40:12,855 121.246.144.94 2010-10-31 07:41:29,783 222.124.3.13 2010-10-31 07:41:42,671 77.81.49.178 2010-10-31 07:42:41,911 119.92.232.162 2010-10-31 07:42:52,792 110.168.115.109 2010-10-31 07:44:10,831 222.253.241.210 2010-10-31 07:45:46,755 94.240.149.110 2010-10-31 07:50:09,999 178.155.54.47 2010-10-31 07:51:36,471 88.226.33.30 2010-10-31 07:52:08,684 113.172.230.103 2010-10-31 07:55:10,723 118.96.242.225 2010-10-31 07:55:33,595 109.120.46.78 2010-10-31 07:55:45,735 113.167.33.220 2010-10-31 07:57:32,575 60.220.253.149 2010-10-31 07:57:48,483 113.166.1.235 2010-10-31 07:59:16,335 113.59.222.50 2010-10-31 07:59:54,187 41.215.64.66 2010-10-31 08:04:48,071 85.106.225.138 2010-10-31 08:04:54,300 88.227.52.50 2010-10-31 08:05:56,551 193.106.220.17 2010-10-31 08:29:51,783 202.133.58.122 2010-10-31 08:33:05,652 188.38.10.102 2010-10-31 08:33:22,880 78.185.153.80 2010-10-31 08:34:08,119 41.210.27.205 2010-10-31 08:34:21,063 89.122.0.141 2010-10-31 08:36:01,300 94.255.118.14 2010-10-31 08:38:46,528 81.213.179.105 Regards Brian > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users