Ionel,

What I do to automatically blacklist scanning hosts, like in your example, is to handle it in the Asterisk dialplan. At the end of my external default context (from-pstn-unknown) is:

; Don't accept any calls not identified above
exten => _X.,1,Gosub(store-cid,s,1)
exten => _X.,n,Set(CDR(userfield)=${EXTEN})
exten => _X.,n,Notify(${CALLERID(num)}|${CALLERID(name)}|${EXTEN}0/172.20.0.100)
exten => _X.,n,Wait(1)
exten => _X.,n,Answer()
exten => _X.,n,Set(BANIP=${SIPCHANINFO(recvip)})
exten => _X.,n,NoOp(IP is ${BANIP})
exten => _X.,n,System(echo ${BANIP} >> /mnt/kd/banlist)
exten => _X.,n,System(iptables -A ADAPTIVE_BAN_CHAIN -p udp -s ${BANIP} -j ADAPTIVE_BAN_DROP_CHAIN)
exten => _X.,n,Zapateller()
exten => _X.,n,Playback(the-number-u-dialed)
exten => _X.,n,SayDigits(${EXTEN})
exten => _X.,n,Playback(has-been-disconnected&or&no-longer-in-service)
exten => _X.,n,Playback(check-number-dial-again)
exten => _X.,n,Congestion(5)
exten => _X.,n,Hangup()

It will add a rule to the iptables chain that the adaptive ban plugin uses to block all udp traffic from the host as well as add it to a list of blacklisted IPs that I process via a startup script (to stay persistent across reboots).

By processing it in the dialplan as opposed to via ABP, I can ensure that it will be granular enough to only block unauthenticated calls, as opposed to user misdials.

It works very well in keeping scans to an absolute minimum. I've blacklisted about 127 hosts in the past year using this method.

-James
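The startup script James mentions for re-applying /mnt/kd/banlist after a reboot is not shown in his message; the following is an added example of one (not James's or AstLinux's code). It assumes the file path, chain name and drop target from his dialplan, and validates every entry before it reaches iptables, since the file is written from whatever SIPCHANINFO(recvip) returned.

```shell
#!/bin/sh
# Replay the dialplan-written banlist into the Adaptive Ban chain at boot.
# Added example; assumes the names used in the dialplan above.
BANLIST="${BANLIST:-/mnt/kd/banlist}"
CHAIN="ADAPTIVE_BAN_CHAIN"
TARGET="ADAPTIVE_BAN_DROP_CHAIN"

# Accept only a plain dotted-quad IPv4 address (four octets, each 0-255,
# no leading zeros). Anything else is refused rather than passed to iptables.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255 || $i ~ /^0[0-9]/) exit 1 }
        { exit 0 }'
}

# Print one iptables command per unique, valid address in the banlist.
# Blank, commented, duplicated or malformed lines are skipped (and the
# malformed ones reported on stderr so the file can be cleaned up).
banlist_rules() {
    sort -u "$1" | while IFS= read -r ip; do
        case "$ip" in ''|\#*) continue ;; esac
        if valid_ipv4 "$ip"; then
            echo "iptables -A $CHAIN -p udp -s $ip -j $TARGET"
        else
            echo "banlist: skipping malformed entry '$ip'" >&2
        fi
    done
}

# Execute the generated rules; only meaningful as root on the PBX itself.
apply_banlist() {
    [ -r "$1" ] || return 0
    banlist_rules "$1" | sh
}

# Constructed sample banlist for a stand-alone run (not real data).
SAMPLE=$(mktemp)
printf '%s\n' '198.51.100.23' '198.51.100.23' '203.0.113.7' \
    '# comment' 'not-an-ip' '256.1.1.1' > "$SAMPLE"
banlist_rules "$SAMPLE"
rm -f "$SAMPLE"
```

On the PBX, replace the sample run with `apply_banlist "$BANLIST"` and call the script after the Adaptive Ban chains exist.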


On 04/13/2012 10:41 PM, Ionel Chila wrote:
Thanks Lonnie. That's good and I can just block the host.
Just wanted to make sure that the adaptive-ban plugin is not broken and we have a false sense of protection :-)


------------------------------------------------------------------------
*From:* Lonnie Abelbeck <li...@lonnie.abelbeck.com>
*To:* AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
*Cc:* Ionel Chila <ionelch...@yahoo.com>
*Sent:* Friday, April 13, 2012 6:27 PM
*Subject:* Re: [Astlinux-users] Adaptive-ban not working?

Hi Ionel,

This issue has been brought up before. Matching the log would be simple to add to the Adaptive Ban plugin (one line addition), but it turns out this kind of log error can easily occur under normal operation by users dialing the wrong number.

The only exception is the "found in context 'default'" part of the logs, since most don't have a 'default' context.

If I remember correctly, we (the community here) decided not to act on this log.

Please refresh my memory if I got this wrong.

Lonnie

PS: Of course you can manually ban via the Firewall tab -> Block Host/CIDR: 72.55.156.56
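An added example (not the Adaptive Ban plugin's code) of the narrower match Lonnie describes: it counts only rejections whose context is 'default', so misdials in a real context never contribute, and reports source addresses at or above ADAPTIVE_BAN_COUNT. The sample log lines are constructed in the format of the ones quoted below, with documentation addresses.

```shell
#!/bin/sh
# Count "extension not found in context 'default'" rejections per source IP.
# Added example; the threshold name follows the plugin's ADAPTIVE_BAN_COUNT.
ADAPTIVE_BAN_COUNT="${ADAPTIVE_BAN_COUNT:-6}"

# Reads Asterisk log lines on stdin and prints "count ip" for each source
# reaching the threshold. The context name is part of the pattern on purpose:
# a generic "extension not found" match would also fire on user misdials.
default_context_offenders() {
    awk -v limit="$ADAPTIVE_BAN_COUNT" '
        /handle_request_invite: Call from / &&
        /rejected because extension not found in context .default./ {
            # The source appears as (A.B.C.D:port) after the caller id
            if (match($0, /\([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+\)/)) {
                src = substr($0, RSTART + 1, RLENGTH - 2)
                sub(/:[0-9]+$/, "", src)
                hits[src]++
            }
        }
        END { for (ip in hits) if (hits[ip] >= limit) print hits[ip], ip }'
}

# Constructed sample log: one scanner sending seven probes to 'default', one
# local user misdialing in 'from-internal', and a single stray probe.
sample_log() {
    i=1
    while [ $i -le 7 ]; do
        echo "Apr 13 07:38:0$i HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (203.0.113.9:5060) to extension '0044121279087$i' rejected because extension not found in context 'default'."
        i=$((i + 1))
    done
    echo "Apr 13 07:39:01 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '\"Desk 201\" <201>' (192.0.2.20:5060) to extension '5551212' rejected because extension not found in context 'from-internal'."
    echo "Apr 13 07:39:05 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (203.0.113.50:5060) to extension '1000' rejected because extension not found in context 'default'."
}

sample_log | default_context_offenders
```

The addresses it prints are candidates for the Firewall tab's Block Host/CIDR, or for the banlist approach James describes.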


On Apr 13, 2012, at 6:07 PM, Ionel Chila wrote:

> My settings are to ban a host after 6 tries but it doesn't look like it is banning it :-)
>
> # The number of log failures to ban host
> # ------------------------------------------------------------------------------
> ADAPTIVE_BAN_COUNT=6
>
>
> And yes, it is enabled :-)
> # To actually enable this plugin make ENABLED=1:
> # ------------------------------------------------------------------------------
> ENABLED=1
>
>  Any ideas???
>
> Apr 13 07:37:58 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '67234303429347' rejected because extension not found in context 'default'.
> Apr 13 07:37:58 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '00441212790870' rejected because extension not found in context 'default'.
> Apr 13 07:38:00 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '011441212790875' rejected because extension not found in context 'default'.
> Apr 13 07:38:02 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '000441212790875' rejected because extension not found in context 'default'.
> Apr 13 07:38:04 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '900441212790876' rejected because extension not found in context 'default'.
> Apr 13 07:38:06 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '9011441212790877' rejected because extension not found in context 'default'.
> Apr 13 07:38:08 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+011441212790874' rejected because extension not found in context 'default'.
> Apr 13 07:38:10 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+00441212790876' rejected because extension not found in context 'default'.
> Apr 13 07:38:12 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+000441212790873' rejected because extension not found in context 'default'.
> Apr 13 07:38:14 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+441212790872' rejected because extension not found in context 'default'.
> Apr 13 07:38:16 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+9011441212790875' rejected because extension not found in context 'default'.
> Apr 13 07:38:18 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+900441212790874' rejected because extension not found in context 'default'.
> Apr 13 07:38:20 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '0441212790873' rejected because extension not found in context 'default'.
> Apr 13 07:38:22 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '8011441212790878' rejected because extension not found in context 'default'.
> Apr 13 07:38:24 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '001441212790877' rejected because extension not found in context 'default'.
> Apr 13 07:38:26 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '01441212790873' rejected because extension not found in context 'default'.
> Apr 13 07:38:28 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '++441212790878' rejected because extension not found in context 'default'.
> Apr 13 07:38:30 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '9000441212790878' rejected because extension not found in context 'default'.
>
> ------------------------------------------------------------------------------
> For Developers, A Lot Can Happen In A Second.
> Boundary is the first to Know...and Tell You.
> Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
> http://p.sf.net/sfu/Boundary-d2dvs2_______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net <mailto:Astlinux-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org <mailto:pay...@krisk.org>.



