D'Arcy Cain <[email protected]> writes:

> I have a script that checks for things like this and adds them to my
> packet filter (pf). Everything seems to work up to a point. The IP
> address gets added to my AUTOBLOCK table. The second rule, right after
> the friends whitelist, blocks any IP in that table. If I try to ping or
> traceroute to it I can't get through. I ran netstat -a and sockstat -c
> and the IP address does not show up in the connections. Every test
> suggests that the system is doing exactly what I want it to do.
>
> But yet, new packets from that IP address reach asterisk.

It seems almost entirely clear to me that you have a firewall problem, not an asterisk problem. I would test this out with a remote machine under your control, and packet trace. I would check for a buggy firewall rule that is somehow accepting packets from new tcp or udp packets as matching an old connection state object. I would check for the new attempts as coming from something that matches the original "connection", even if UDP.

> The weird thing is that the attempts don't stop. That IP continues to
> try different numbers. There are two ways that I have found so far to

You say "continues to try", but surely you are not surprised that packets arrive at your computer. I think you are surprised that they make it to asterisk. But your language doesn't quite line up with that. Am I misinterpreting?
