Ionel,
Last month when you first reported this, I pasted a dialplan snippet you
can use inside of Asterisk to automatically add these scanning hosts to
the block list. It also appended each IP to a "banlist" file that you
can process on system startup to reapply all the bans when the box reboots.
If you go this route, you can add that to the end of your default
incoming call context. It will prevent subsequent scans from the same IP.
-James
On 05/27/2012 08:22 AM, Ionel Chila wrote:
Is there a way I can change something in my adaptive plug config and
stop this kind of behavior? It gets old after a while to manually add
all those hosts to the "block" list.
My PBX is just a home setup so I have no "operational" issues with
many users dialing the wrong number :-)
I greatly appreciate it
------------------------------------------------------------------------
*From:* Lonnie Abelbeck <li...@lonnie.abelbeck.com>
*To:* AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
*Cc:* Ionel Chila <ionelch...@yahoo.com>
*Sent:* Friday, April 13, 2012 6:27 PM
*Subject:* Re: [Astlinux-users] Adaptive-ban not working?
Hi Ionel,
This issue has been brought up before, matching the log would be
simple to add to the Adaptive Ban plugin (one line addition) but it
turns out this kind of log error can easily occur under normal
operation by users dialing the wrong number.
The only exception is the "found in context 'default'" part of the
logs, since most don't have a 'default' context.
If I remember correctly, we (the community here) decided not to act on
this log.
Please refresh my memory if I got this wrong.
Lonnie
PS: Of course you can manually ban via the Firewall tab -> Block
Host/CIDR: 72.55.156.56
On Apr 13, 2012, at 6:07 PM, Ionel Chila wrote:
> My settings are to ban a host after 6 tries but it doesn't look like it is banning it :-)
>
> # The number of log failures to ban host
> # ------------------------------------------------------------------------------
> ADAPTIVE_BAN_COUNT=6
>
>
> And yes, it is enabled :-)
> # To actually enable this plugin make ENABLED=1:
> # ------------------------------------------------------------------------------
> ENABLED=1
>
> Any ideas???
>
> Apr 13 07:37:58 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '67234303429347' rejected because extension not found in context 'default'.
> Apr 13 07:37:58 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '00441212790870' rejected because extension not found in context 'default'.
> Apr 13 07:38:00 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '011441212790875' rejected because extension not found in context 'default'.
> Apr 13 07:38:02 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '000441212790875' rejected because extension not found in context 'default'.
> Apr 13 07:38:04 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '900441212790876' rejected because extension not found in context 'default'.
> Apr 13 07:38:06 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '9011441212790877' rejected because extension not found in context 'default'.
> Apr 13 07:38:08 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+011441212790874' rejected because extension not found in context 'default'.
> Apr 13 07:38:10 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+00441212790876' rejected because extension not found in context 'default'.
> Apr 13 07:38:12 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+000441212790873' rejected because extension not found in context 'default'.
> Apr 13 07:38:14 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+441212790872' rejected because extension not found in context 'default'.
> Apr 13 07:38:16 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+9011441212790875' rejected because extension not found in context 'default'.
> Apr 13 07:38:18 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '+900441212790874' rejected because extension not found in context 'default'.
> Apr 13 07:38:20 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '0441212790873' rejected because extension not found in context 'default'.
> Apr 13 07:38:22 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '8011441212790878' rejected because extension not found in context 'default'.
> Apr 13 07:38:24 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '001441212790877' rejected because extension not found in context 'default'.
> Apr 13 07:38:26 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '01441212790873' rejected because extension not found in context 'default'.
> Apr 13 07:38:28 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '++441212790878' rejected because extension not found in context 'default'.
> Apr 13 07:38:30 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: chan_sip.c:22461 in handle_request_invite: Call from '' (72.55.156.56:5060) to extension '9000441212790878' rejected because extension not found in context 'default'.
>
>
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
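
Added example (not part of the thread and not the Adaptive Ban plugin's own code): a sketch of the matching discussed above, counting "extension not found" rejections per source IP only when the context is 'default' and reporting hosts that reach `ADAPTIVE_BAN_COUNT`, so misdials in other contexts are never counted. The function name `hosts_to_ban`, the helper `_line`, the 'internal' context and the documentation-range addresses in the sample log are assumptions made for illustration; it expects one syslog entry per line.

```python
import ipaddress
import re
from collections import Counter

ADAPTIVE_BAN_COUNT = 6  # threshold quoted in the thread

# chan_sip NOTICE format as shown in the thread; captures source IP and context.
REJECT_RE = re.compile(
    r"handle_request_invite: Call from '[^']*' "
    r"\((?P<ip>[0-9.]+):\d+\) to extension '[^']*' "
    r"rejected because extension not found in context '(?P<ctx>[^']*)'"
)

def hosts_to_ban(lines, threshold=ADAPTIVE_BAN_COUNT, contexts=("default",)):
    """Return sorted source IPs with >= threshold rejections in `contexts`.

    Rejections in any other context (e.g. a local user misdialing) are ignored.
    """
    hits = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m or m.group("ctx") not in contexts:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))  # drop malformed addresses
        except ValueError:
            continue
        hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def _line(ip, ext, ctx, user=""):
    # Constructed log line in the same layout as the entries quoted in the thread.
    return ("Apr 13 07:37:58 HOME-PBX local0.notice asterisk[1069]: NOTICE[1125]: "
            f"chan_sip.c:22461 in handle_request_invite: Call from '{user}' ({ip}:5060) "
            f"to extension '{ext}' rejected because extension not found in context '{ctx}'.")

# Constructed sample: a scanner, a local user misdialing, a host under the threshold.
SAMPLE_LOG = (
    [_line("203.0.113.10", f"00441212790{n:03d}", "default") for n in range(7)]
    + [_line("192.0.2.20", "999", "internal", user="100") for _ in range(8)]
    + [_line("198.51.100.5", "011441212790875", "default") for _ in range(2)]
)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

The returned addresses are the candidates for the firewall's Block Host/CIDR list or a banlist file reapplied at boot.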