Ionel,
What I do to automatically blacklist scanning hosts, like in your
example, is to handle it in the Asterisk dialplan. At the end of my
external default context (from-pstn-unknown) is:
; Don't accept any calls not identified above
exten => _X.,1,Gosub(store-cid,s,1)
exten => _X.,n,Set(CDR(userfield)=${EXTEN})
exten => _X.,n,Notify(${CALLERID(num)}|${CALLERID(name)}|${EXTEN}0/172.20.0.100)
exten => _X.,n,Wait(1)
exten => _X.,n,Answer()
exten => _X.,n,Set(BANIP=${SIPCHANINFO(recvip)})
exten => _X.,n,NoOp(IP is ${BANIP})
exten => _X.,n,System(echo ${BANIP} >> /mnt/kd/banlist)
exten => _X.,n,System(iptables -A ADAPTIVE_BAN_CHAIN -p udp -s ${BANIP} -j ADAPTIVE_BAN_DROP_CHAIN)
exten => _X.,n,Zapateller()
exten => _X.,n,Playback(the-number-u-dialed)
exten => _X.,n,SayDigits(${EXTEN})
exten => _X.,n,Playback(has-been-disconnected&or&no-longer-in-service)
exten => _X.,n,Playback(check-number-dial-again)
exten => _X.,n,Congestion(5)
exten => _X.,n,Hangup()
It will add a rule to the iptables chain that the adaptive ban plugin
uses to block all udp traffic from the host as well as add it to a list
of blacklisted IPs that I process via a startup script (to stay
persistent across reboots).
By processing it in the dialplan as opposed to via ABP, I can ensure
that it will be granular enough to only block unauthenticated calls, as
opposed to user misdials.
It works very well in keeping scans to an absolute minimum. I've
blacklisted about 127 hosts in the past year using this method.
-James
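As an added illustration, not code from James, Lonnie or the AstLinux Adaptive Ban plugin, of the two points in this thread: James's dialplan only bans unauthenticated callers, and Lonnie's reply below notes that matching the "extension not found" log line would also catch users' misdials unless the match is limited to the 'default' context. The script parses lines in the format quoted by Ionel, counts rejections per source IP only in the chosen contexts, applies ADAPTIVE_BAN_COUNT=6, and emits the iptables rule James's dialplan runs; the sample log, the 192.0.2.10 host and the 'internal' context are constructed for the example.

```python
import re
from collections import Counter

# chan_sip NOTICE line as quoted in this thread; the source address is in parentheses.
REJECT_RE = re.compile(
    r"Call from '(?P<cid>[^']*)' \((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\) to "
    r"extension '(?P<exten>[^']*)' rejected because extension not found in "
    r"context '(?P<ctx>[^']*)'"
)

LOG_TMPL = ("Apr 13 07:38:{sec:02d} HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: "
            "chan_sip.c:22461 in handle_request_invite: Call from '{cid}' ({ip}:5060) to "
            "extension '{exten}' rejected because extension not found in context '{ctx}'.")

# Constructed sample log: a scanner with an empty caller id probing the 'default'
# context from the address quoted in the thread, plus a hypothetical authenticated
# extension 201 misdialing seven times in a hypothetical 'internal' context.
SAMPLE_LOG = [LOG_TMPL.format(sec=2 * i, cid="", ip="72.55.156.56",
                              exten=f"0{i}441212790870", ctx="default") for i in range(6)]
SAMPLE_LOG += [LOG_TMPL.format(sec=30 + i, cid="201", ip="192.0.2.10",
                               exten="91555", ctx="internal") for i in range(7)]


def parse_rejects(lines):
    """Yield (ip, callerid, exten, context) for every line that matches REJECT_RE."""
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            yield m.group("ip"), m.group("cid"), m.group("exten"), m.group("ctx")


def hosts_to_ban(lines, count=6, contexts=("default",)):
    """Return source IPs with at least `count` rejections in the given contexts.

    Limiting the match to 'default' (where unmatched, unauthenticated peers land)
    keeps authenticated users' misdials in other contexts from triggering a ban,
    which is Lonnie's objection to matching this log line unconditionally.
    """
    hits = Counter(ip for ip, _cid, _exten, ctx in parse_rejects(lines) if ctx in contexts)
    return sorted(ip for ip, n in hits.items() if n >= count)


def iptables_rules(ips, chain="ADAPTIVE_BAN_CHAIN", target="ADAPTIVE_BAN_DROP_CHAIN"):
    """Build the same iptables command James's dialplan runs, one per banned host."""
    return [f"iptables -A {chain} -p udp -s {ip} -j {target}" for ip in ips]


if __name__ == "__main__":
    for rule in iptables_rules(hosts_to_ban(SAMPLE_LOG)):
        print(rule)
```

With the default contexts only the scanner crosses the threshold; widening `contexts` to include 'internal' shows how the misdialing extension would be banned too.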
On 04/13/2012 10:41 PM, Ionel Chila wrote:
Thanks Lonnie. That's good and I can just block the host.
Just wanted to make sure that the adaptive-ban plugin is not broken
and we have a false sense of protection :-)
------------------------------------------------------------------------
*From:* Lonnie Abelbeck <li...@lonnie.abelbeck.com>
*To:* AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
*Cc:* Ionel Chila <ionelch...@yahoo.com>
*Sent:* Friday, April 13, 2012 6:27 PM
*Subject:* Re: [Astlinux-users] Adaptive-ban not working?
Hi Ionel,
This issue has been brought up before, matching the log would be
simple to add to the Adaptive Ban plugin (one line addition) but it
turns out this kind of log error can easily occur under normal
operation by users dialing the wrong number.
The only exception is the "found in context 'default'" part of the
logs, since most don't have a 'default' context.
If I remember correctly, we (the community here) decided not to act on
this log.
Please refresh my memory if I got this wrong.
Lonnie
PS: Of course you can manually ban via the Firewall tab -> Block
Host/CIDR: 72.55.156.56
On Apr 13, 2012, at 6:07 PM, Ionel Chila wrote:
> My settings are to ban a host after 6 tries but it doesn't look like is banning it :-)
>
> # The number of log failures to ban host
> # ------------------------------------------------------------------------------
> ADAPTIVE_BAN_COUNT=6
>
>
> And yes is enabled :-)
> # To actually enable this plugin make ENABLED=1:
> # ------------------------------------------------------------------------------
> ENABLED=1
>
> Any ideas???
>
> Apr 13 07:37:58 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '67234303429347' rejected because extension not found in context 'default'.
> Apr 13 07:37:58 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '00441212790870' rejected because extension not found in context 'default'.
> Apr 13 07:38:00 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '011441212790875' rejected because extension not found in context 'default'.
> Apr 13 07:38:02 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '000441212790875' rejected because extension not found in context 'default'.
> Apr 13 07:38:04 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '900441212790876' rejected because extension not found in context 'default'.
> Apr 13 07:38:06 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '9011441212790877' rejected because extension not found in context 'default'.
> Apr 13 07:38:08 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+011441212790874' rejected because extension not found in context 'default'.
> Apr 13 07:38:10 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+00441212790876' rejected because extension not found in context 'default'.
> Apr 13 07:38:12 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+000441212790873' rejected because extension not found in context 'default'.
> Apr 13 07:38:14 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+441212790872' rejected because extension not found in context 'default'.
> Apr 13 07:38:16 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+9011441212790875' rejected because extension not found in context 'default'.
> Apr 13 07:38:18 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+900441212790874' rejected because extension not found in context 'default'.
> Apr 13 07:38:20 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '0441212790873' rejected because extension not found in context 'default'.
> Apr 13 07:38:22 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '8011441212790878' rejected because extension not found in context 'default'.
> Apr 13 07:38:24 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '001441212790877' rejected because extension not found in context 'default'.
> Apr 13 07:38:26 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '01441212790873' rejected because extension not found in context 'default'.
> Apr 13 07:38:28 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '++441212790878' rejected because extension not found in context 'default'.
> Apr 13 07:38:30 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '9000441212790878' rejected because extension not found in context 'default'.
------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.