Hi all,

for several days I can see in my astlinux logs:

May 16 00:48:05 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1002<sip:[email protected]>;tag=9a886c0a
May 16 00:48:07 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1002<sip:[email protected]>;tag=c6a61c5c
May 16 00:48:08 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1002<sip:[email protected]>;tag=64baef1c
May 16 00:48:09 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1002<sip:[email protected]>;tag=5226ddea
May 16 02:14:27 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1003<sip:[email protected]>;tag=d87e3a60
May 16 02:14:28 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1003<sip:[email protected]>;tag=61408c7d
May 16 02:14:29 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1003<sip:[email protected]>;tag=09c2a9c0

and this:

May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:[email protected]>;tag=3d36f9b6
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:[email protected]>;tag=23dbb252
May 16 14:37:59 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:37:59 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:[email protected]>;tag=d9feaa3a
May 16 14:38:00 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:38:00 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:[email protected]>;tag=07e1bfe9

In the first logs there is no source IP address of the attacker, and I do not expect adaptive ban to protect me. But in the second case there is the IP address of the attacker, but adaptive ban did not ban the IP address. In the script adaptive-ban-helper I do not see anything like "Failed to authenticate device" nor "Rejecting * due to a failure to pass"!? Can we improve this script for better protection?

In the second case the attacker already knows the range of my extensions :-(

Thanks,
Dominko

_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
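
Added example, not part of the original post and not AstLinux's adaptive-ban-helper code: a Python sketch of the matching the post asks for, which counts "SIP Peer ACL: Rejecting" lines per source address inside a time window and lists the "Failed to authenticate device" lines that carry no usable source address. The threshold, the window, the sample lines and the same-second correlation rule are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the post's log format; addresses are documentation-range placeholders.
P = "pbx local0.notice asterisk[1373]: NOTICE[1405]: "
ACL = P + "acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '{}' due to a failure to pass ACL '(BASELINE)'"
AUTH = P + "chan_sip.c:25152 in handle_request_invite: Failed to authenticate device {}<sip:{}@192.0.2.1>;tag=0"
SAMPLE = [
    "May 16 00:48:05 " + AUTH.format("1002", "1002"),   # no ACL line: no source IP
    "May 16 14:37:58 " + ACL.format("203.0.113.7"),
    "May 16 14:37:58 " + AUTH.format("300", "300"),
    "May 16 14:37:59 " + ACL.format("203.0.113.7"),
    "May 16 14:38:00 " + ACL.format("203.0.113.7"),
    "May 16 18:00:00 " + ACL.format("198.51.100.9"),    # single hit, below threshold
]

# Anchored to the syslog prefix and the emitting function, so the phrase counts only when acl.c wrote it.
HEAD = r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+ asterisk\[\d+\]: NOTICE\[\d+\]: "
ACL_RE = re.compile(HEAD + r"acl\.c:\d+ in ast_apply_acl: SIP Peer ACL: Rejecting '([^']+)' due to a failure to pass ACL ")
AUTH_RE = re.compile(HEAD + r"chan_sip\.c:\d+ in handle_request_invite: Failed to authenticate device ([^<]*)<")

def _ts(text):
    # Syslog omits the year; pin a leap year so "Feb 29" still parses.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S")

def ban_candidates(lines, threshold=3, window=timedelta(seconds=60)):
    """Return (sorted IPs with >= threshold ACL rejections inside window, unattributed devices)."""
    recent, flagged, unattributed, last_acl = defaultdict(deque), set(), [], None
    for line in lines:
        if m := ACL_RE.match(line):
            try:
                ip = str(ipaddress.ip_address(m[2]))  # never pass a non-address on to a firewall
            except ValueError:
                continue
            ts, q = _ts(m[1]), recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                flagged.add(ip)
            last_acl = ts
        elif m := AUTH_RE.match(line):
            # Assumption: a failure logged in the same second as an ACL rejection belongs to it.
            if last_acl != _ts(m[1]):
                unattributed.append(m[2])
    return sorted(flagged), unattributed
```

On the constructed sample, `ban_candidates(SAMPLE)` flags only the address rejected three times within a minute and reports device 1002 as unattributable, which matches the distinction the post draws between its two log excerpts.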
