I must be doing something wrong. I added the following to the context where SIP
calls come in:
exten => s,1,Set(BANIP=${CHANNEL(recvip)})
same => n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
same => n,Hangup(3)
However, when I look in either /var/log/messages or /var/log/asterisk/messages
I don't see any log entries identified with the above.
My adaptive-ban.conf looks like:
ENABLED=1
ADAPTIVE_BAN_FILE="/var/log/messages"
ADAPTIVE_BAN_TIME=120
ADAPTIVE_BAN_COUNT=3
ADAPTIVE_BAN_TYPES="sshd asterisk"
ADAPTIVE_BAN_REJECT=0
ADAPTIVE_BAN_WHITELIST_INTERNAL=1
ADAPTIVE_BAN_WHITELIST=""
Is there something obvious that I'm missing?
cheers,
S.
On 2013-08-13, at 9:46 PM, Shamus Rask <sha...@srask.ca> wrote:
> Lonnie,
>
> Many thanks… I had searched through the archives, but was having problems
> finding a solution.
>
> cheers,
> Shamus
>
>>
>> Message: 5
>> Date: Tue, 13 Aug 2013 12:51:32 -0500
>> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
>> Subject: Re: [Astlinux-users] adaptive-ban for SIP calls
>> To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
>> Message-ID: <24cfed6d-918b-4cc2-ab71-58b109904...@lonnie.abelbeck.com>
>> Content-Type: text/plain; charset=us-ascii
>>
>> Hi Shamus,
>>
>> This question has come up before, and the community answer was to not
>> automatically ban those in the adaptive-ban plugin since that error can be
>> easily generated by user's misdialing.
>>
>> If you search back on the users list there were dialplan alternatives to
>> detect these kind of errors and add a banned host via the dialplan.
>> --
>> ; For Asterisk 1.6+
>> exten => s,n,Set(BANIP=${CHANNEL(recvip)})
>> exten => s,n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
>> --
>> Then the adaptive-ban plugin will act on the above generated log. This way
>> you have more control over what to ban or not.
>>
>> Lonnie
>>
>>
>> On Aug 13, 2013, at 12:02 PM, Shamus Rask wrote:
>>
>>> Currently running the latest (v112) release of Astlinux. I have enabled the
>>> adaptive-ban and ids-protection firewall plugins. My AstLinux box is
>>> sitting behind my router, where I have port-forwaded 5060-5061 for SIP and
>>> my RTP ports.
>>>
>>> I just took a look in /var/log/asterisk/messages and found the snippet
>>> below. What is the best way to block these "attacks"?
>>>
>>>
>>> [Aug 13 12:44:09] NOTICE[1345] chan_sip.c: Call from ''
>>> (94.23.202.102:5074) to extension '011972597540595' rejected because
>>> extension not found in context 'default'.
>>> [Aug 13 12:44:10] NOTICE[1345] chan_sip.c: Call from ''
>>> (94.23.202.102:5084) to extension '9011972597540595' rejected because
>>> extension not found in context 'default'.
>>> [Aug 13 12:44:11] NOTICE[1345] chan_sip.c: Call from ''
>>> (94.23.202.102:5090) to extension '00972597540595' rejected because
>>> extension not found in context 'default'.
>>> [Aug 13 12:44:11] NOTICE[1345] chan_sip.c: Call from ''
>>> (94.23.202.102:5070) to extension '1011972597540595' rejected because
>>> extension not found in context 'default'.
>>> [Aug 13 12:44:12] NOTICE[1345] chan_sip.c: Call from ''
>>> (94.23.202.102:5082) to extension '0011972597540595' rejected because
>>> extension not found in context 'default'.
>>> [Aug 13 12:44:13] NOTICE[1345] chan_sip.c: Call from ''
>>> (94.23.202.102:5071) to extension '7011972597540595' rejected because
>>> extension not found in context 'default'.
>>> [Aug 13 12:44:14] NOTICE[1345] chan_sip.c: Call from ''
>>> (94.23.202.102:5084) to extension '8011972597540595' rejected because
>>> extension not found in context 'default'.
>>>
>>>
>>> cheers,
>>> Shamus
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
