I can't see those IPs in the /var/log/asterisk/full. I can't event see parts of the IP address as I try *grep -o "23.20.189" full. *That is still nothing.
I am wondering what is wrong here. This is my regex filter file: failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register NOTICE.* <HOST> failed to authenticate as '.*'$ NOTICE.* .*: No registration for peer '.*' (from <HOST>) NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*) VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*') .* <SIP/<HOST>-.*> Playing 'ss-noservice.gsm' .* Thanks, On Fri, Jan 27, 2012 at 2:16 AM, Mikhail Lischuk <mlisc...@itx.com.ua>wrote: > ** > > asterisk jobs писал 27.01.2012 06:49: > > Hello everyone, > I have noticed getting wired IPs blocked by Fail2ban. Has anyone else seen > this or can explain this? > Chain fail2ban-ASTERISK (1 references) > num target prot opt source destination > 1 DROP all -- 0.23.20.189 0.0.0.0/0 > I also get things like, 0.0.5.2, etc....Fail2ban seems to be working > when I am testing. Are these numbers taken from the SIP packet or the > TCP/IP protocol source because they surely are not valid addresses. > Thanks > > Did you find those IPs in Asterisk log? > > If so - it isn't Fail2Ban problem, for it just parses logs and extracts > substring > > > > -- > With Best Regards > Mikhail Lischuk <mlisc...@itx.com.ua> > > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users