Hi Shamus,

This question has come up before, and the community answer was to not 
automatically ban those in the adaptive-ban plugin since that error can be 
easily generated by users misdialing.

If you search back on the users list there were dialplan alternatives to detect 
these kinds of errors and add a banned host via the dialplan.
--
; For Asterisk 1.6+
exten => s,n,Set(BANIP=${CHANNEL(recvip)})
exten => s,n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
--
Then the adaptive-ban plugin will act on the above generated log.  This way you 
have more control over what to ban or not.

Lonnie


On Aug 13, 2013, at 12:02 PM, Shamus Rask wrote:

> Currently running the latest (v112) release of AstLinux. I have enabled the 
> adaptive-ban and ids-protection firewall plugins. My AstLinux box is sitting 
> behind my router, where I have port-forwarded 5060-5061 for SIP and my RTP 
> ports.
> 
> I just took a look in /var/log/asterisk/messages and found the snippet below. 
> What is the best way to block these "attacks"?
> 
> 
> [Aug 13 12:44:09] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5074) 
> to extension '011972597540595' rejected because extension not found in 
> context 'default'.
> [Aug 13 12:44:10] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5084) 
> to extension '9011972597540595' rejected because extension not found in 
> context 'default'.
> [Aug 13 12:44:11] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5090) 
> to extension '00972597540595' rejected because extension not found in context 
> 'default'.
> [Aug 13 12:44:11] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5070) 
> to extension '1011972597540595' rejected because extension not found in 
> context 'default'.
> [Aug 13 12:44:12] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5082) 
> to extension '0011972597540595' rejected because extension not found in 
> context 'default'.
> [Aug 13 12:44:13] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5071) 
> to extension '7011972597540595' rejected because extension not found in 
> context 'default'.
> [Aug 13 12:44:14] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5084) 
> to extension '8011972597540595' rejected because extension not found in 
> context 'default'.
> 
> 
> cheers,
>    Shamus
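
Added example, not part of the original thread and not AstLinux code: a log check that separates the pattern in the quoted log (one source trying many different extensions within seconds) from a user misdialing, which is the distinction the reply draws. The function name, the threshold of 3 distinct extensions and the 60-second window are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the chan_sip rejection NOTICE in the format quoted in the thread.
LINE = re.compile(
    r"\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Call from '[^']*' \((?P<ip>[\d.]+):\d+\) to extension '(?P<ext>[^']*)' "
    r"rejected because extension not found")

# Constructed sample (documentation addresses, made-up numbers), one entry per line.
_FMT = ("[Aug 13 12:44:{:02d}] NOTICE[1345] chan_sip.c: Call from '' ({}:5074) to "
        "extension '{}' rejected because extension not found in context 'default'.")
SAMPLE = "\n".join(_FMT.format(sec, ip, ext) for sec, ip, ext in [
    (9, "198.51.100.7", "011972000000000"),    # same number, varying dial prefix
    (10, "198.51.100.7", "9011972000000000"),
    (11, "198.51.100.7", "00972000000000"),
    (11, "198.51.100.7", "1011972000000000"),
    (20, "203.0.113.20", "2001"),              # a user misdials ...
    (40, "203.0.113.20", "2001"),              # ... and retries the same number
])

def suspicious_ips(log_text, min_exts=3, window=timedelta(seconds=60)):
    """Return {ip: most distinct rejected extensions seen inside one window}
    for every source that reaches min_exts (hypothetical helper)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            # The log carries no year; a fixed leap year keeps Feb 29 parseable.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["ext"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct extensions tried within `window` of this rejection.
            exts = {ext for ts, ext in hits[i:] if ts - start <= window}
            if len(exts) >= min_exts:
                flagged[ip] = max(flagged.get(ip, 0), len(exts))
    return flagged

if __name__ == "__main__":
    for ip, count in suspicious_ips(SAMPLE).items():
        print(f"{ip}: {count} distinct extensions rejected within the window")
```

Counting distinct extensions rather than raw rejections is what keeps a caller who redials the same wrong number out of the result.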




_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users