Lonnie,

Many thanks… I had searched through the archives, but was having problems finding a solution.

cheers,
Shamus

> Message: 5
> Date: Tue, 13 Aug 2013 12:51:32 -0500
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Subject: Re: [Astlinux-users] adaptive-ban for SIP calls
> To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
> Message-ID: <24cfed6d-918b-4cc2-ab71-58b109904...@lonnie.abelbeck.com>
> Content-Type: text/plain; charset=us-ascii
>
> Hi Shamus,
>
> This question has come up before, and the community answer was to not
> automatically ban those in the adaptive-ban plugin since that error can be
> easily generated by user's misdialing.
>
> If you search back on the users list there were dialplan alternatives to
> detect these kind of errors and add a banned host via the dialplan.
> --
> ; For Asterisk 1.6+
> exten => s,n,Set(BANIP=${CHANNEL(recvip)})
> exten => s,n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
> --
> Then the adaptive-ban plugin will act on the above generated log. This way
> you have more control over what to ban or not.
>
> Lonnie
>
>
> On Aug 13, 2013, at 12:02 PM, Shamus Rask wrote:
>
>> Currently running the latest (v112) release of Astlinux. I have enabled the
>> adaptive-ban and ids-protection firewall plugins. My AstLinux box is sitting
>> behind my router, where I have port-forwarded 5060-5061 for SIP and my RTP
>> ports.
>>
>> I just took a look in /var/log/asterisk/messages and found the snippet
>> below. What is the best way to block these "attacks"?
>>
>>
>> [Aug 13 12:44:09] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5074)
>> to extension '011972597540595' rejected because extension not found in
>> context 'default'.
>> [Aug 13 12:44:10] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5084)
>> to extension '9011972597540595' rejected because extension not found in
>> context 'default'.
>> [Aug 13 12:44:11] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5090)
>> to extension '00972597540595' rejected because extension not found in
>> context 'default'.
>> [Aug 13 12:44:11] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5070)
>> to extension '1011972597540595' rejected because extension not found in
>> context 'default'.
>> [Aug 13 12:44:12] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5082)
>> to extension '0011972597540595' rejected because extension not found in
>> context 'default'.
>> [Aug 13 12:44:13] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5071)
>> to extension '7011972597540595' rejected because extension not found in
>> context 'default'.
>> [Aug 13 12:44:14] NOTICE[1345] chan_sip.c: Call from '' (94.23.202.102:5084)
>> to extension '8011972597540595' rejected because extension not found in
>> context 'default'.
>>
>>
>> cheers,
>> Shamus
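One way to separate the misdial case from the scan in the log above, as an added example that is not part of the thread or of the adaptive-ban plugin: it flags a source only when it tries several different extensions within a short window. The function name, the thresholds, the assumed year and the 192.0.2.10 lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The chan_sip NOTICE format quoted in the thread (log timestamps carry no year).
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Call from '[^']*' \((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\) "
    r"to extension '(?P<ext>[^']*)' rejected because extension not found"
)
TAIL = "rejected because extension not found in context 'default'."
HEAD = "NOTICE[1345] chan_sip.c: Call from ''"
# The first three entries are from the thread; the 192.0.2.10 entries are
# constructed to represent one user misdialing the same number twice.
SAMPLE = [
    f"[Aug 13 12:44:09] {HEAD} (94.23.202.102:5074) to extension '011972597540595' {TAIL}",
    f"[Aug 13 12:44:10] {HEAD} (94.23.202.102:5084) to extension '9011972597540595' {TAIL}",
    f"[Aug 13 12:44:11] {HEAD} (94.23.202.102:5090) to extension '00972597540595' {TAIL}",
    f"[Aug 13 12:50:02] {HEAD} (192.0.2.10:5060) to extension '5551' {TAIL}",
    f"[Aug 13 12:50:40] {HEAD} (192.0.2.10:5060) to extension '5551' {TAIL}",
]

def suspicious_ips(lines, min_distinct=3, window=timedelta(seconds=60), year=2013):
    """Return {ip: sorted extensions} for sources that tried at least
    min_distinct different unknown extensions inside one sliding window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["ext"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {ext for _, ext in evs[start:end + 1]}
            if len(distinct) >= min_distinct:
                flagged[ip] = sorted(distinct)
                break
    return flagged

if __name__ == "__main__":
    for ip, exts in suspicious_ips(SAMPLE).items():
        print(f"'{ip}' tried {len(exts)} unknown extensions: {', '.join(exts)}")
```

Repeated attempts at a single wrong number never reach the threshold, which matches the reason given in the reply for not banning on this log message alone.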