Hi all,
for several days I have been seeing this in my AstLinux logs:
May 16 00:48:05 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1002<sip:1002@95.56.155.46>;tag=9a886c0a
May 16 00:48:07 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1002<sip:1002@95.56.155.46>;tag=c6a61c5c
May 16 00:48:08 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1002<sip:1002@95.56.155.46>;tag=64baef1c
May 16 00:48:09 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1002<sip:1002@95.56.155.46>;tag=5226ddea
May 16 02:14:27 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1003<sip:1003@95.56.155.46>;tag=d87e3a60
May 16 02:14:28 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1003<sip:1003@95.56.155.46>;tag=61408c7d
May 16 02:14:29 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1003<sip:1003@95.56.155.46>;tag=09c2a9c0


and this:
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:6000@95.56.155.240>;tag=3d36f9b6
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:6000@95.56.155.240>;tag=23dbb252
May 16 14:37:59 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:37:59 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:6000@95.56.155.240>;tag=d9feaa3a
May 16 14:38:00 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:38:00 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:6000@95.56.155.240>;tag=07e1bfe9


In the first logs there is no source IP address of an attacker, and I do not
expect adaptive ban to protect me.
But in the second case there is the IP address of the attacker, yet adaptive
ban did not ban the IP address.
In the adaptive-ban-helper script I do not see anything like "Failed to
authenticate device" or "Rejecting * due to a failure to pass"!?
Can we improve this script for better protection?
In the second case the attacker already knows the range of my extensions :-(


Thanks,
Dominko
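
One way to turn the two log patterns quoted in the message above into ban candidates, as an added example that is not part of the original post and is not code from AstLinux's adaptive-ban-helper. The function names, the threshold argument and the final sample line (192.0.2.10) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: not AstLinux's adaptive-ban-helper. Function names and the
# threshold argument are assumptions made for this illustration.

# Log lines from the message above, unwrapped to one line each. The final
# line (192.0.2.10, a documentation address) is constructed.
sample_log() {
cat <<'EOF'
May 16 00:48:05 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1002<sip:1002@95.56.155.46>;tag=9a886c0a
May 16 00:48:07 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 1002<sip:1002@95.56.155.46>;tag=c6a61c5c
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:6000@95.56.155.240>;tag=3d36f9b6
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:37:58 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:6000@95.56.155.240>;tag=23dbb252
May 16 14:37:59 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:37:59 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:6000@95.56.155.240>;tag=d9feaa3a
May 16 14:38:00 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '94.23.248.122' due to a failure to pass ACL '(BASELINE)'
May 16 14:38:00 pbx local0.notice asterisk[1373]: NOTICE[1405]: chan_sip.c:25152 in handle_request_invite: Failed to authenticate device 300<sip:6000@95.56.155.240>;tag=07e1bfe9
May 16 14:40:12 pbx local0.notice asterisk[1373]: NOTICE[1405]: acl.c:748 in ast_apply_acl: SIP Peer ACL: Rejecting '192.0.2.10' due to a failure to pass ACL '(BASELINE)'
EOF
}

# Print "count ip" for each source with at least $1 ACL rejections.
acl_reject_offenders() {
    awk -v min="$1" '
        /SIP Peer ACL: Rejecting .* due to a failure to pass ACL/ {
            # The rejected address is the first single-quoted field.
            n = split($0, q, "\047")
            if (n >= 3 && q[2] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[q[2]]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -rn
}

# Count "Failed to authenticate device" lines; they carry only a SIP URI,
# so they are tallied but never mapped to a source address here.
auth_fail_count() {
    awk '/Failed to authenticate device/ { c++ } END { print c + 0 }'
}

sample_log | acl_reject_offenders 3
echo "auth failures without a source address: $(sample_log | auth_fail_count)"
```

With a threshold of 3 only 94.23.248.122 is reported; the single constructed rejection from 192.0.2.10 stays below it.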


_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users