Re: [asterisk-users] Weird IPs in Fail2ban list

asterisk jobs Fri, 10 Feb 2012 13:27:38 -0800

I can't see those IPs in the /var/log/asterisk/full. I can't event see
parts of the IP address as I try *grep -o "23.20.189" full. *That is still
nothing.


I am wondering what is wrong here. This is my regex filter file:


failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' -
Wrong password
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No
matching peer found
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' -
Device does not match ACL
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' -
Username/auth name mismatch
            Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer
is not supposed to register
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' (from <HOST>)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice'
(language '.*')
            .* <SIP/<HOST>-.*> Playing 'ss-noservice.gsm' .*


Thanks,

On Fri, Jan 27, 2012 at 2:16 AM, Mikhail Lischuk <mlisc...@itx.com.ua>wrote:

> **
>
> asterisk jobs писал 27.01.2012 06:49:
>
> Hello everyone,
> I have noticed getting wired IPs blocked by Fail2ban. Has anyone else seen
> this or can explain this?
> Chain fail2ban-ASTERISK (1 references)
> num  target     prot opt source               destination
> 1    DROP       all  --  0.23.20.189          0.0.0.0/0
>  I also get things like, 0.0.5.2, etc....Fail2ban seems to be working
> when I am testing. Are these numbers taken from the SIP packet or the
> TCP/IP protocol source because they surely are not valid addresses.
> Thanks
>
> Did you find those IPs in Asterisk log?
>
> If so - it isn't Fail2Ban problem, for it just parses logs and extracts
> substring
>
>
>
> --
> With Best Regards
> Mikhail Lischuk <mlisc...@itx.com.ua>
>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Weird IPs in Fail2ban list

Reply via email to