Shamus,

That's a new one...

The problem is we don't necessarily have a real IP address to block, the SIP header says 206.248.185.236 which an attacker probably has spoofed, though you could try blocking it.

All the SIP logs Adaptive Ban uses are *real* IP address Asterisk provides in the logs.

Lonnie

On Jan 4, 2014, at 9:01 PM, Shamus Rask wrote:

> I’m running the latest version of AstLinux with adaptive-ban enabled. This
> works a charm on blocking ssh login attempts. However, I recently came across
> the following in my Asterisk logs (it appears I’m under some sort of attack):
>
> [Jan 4 21:25:49] ERROR[1344]: res_rtp_asterisk.c:570 ast_rtp_new: Oh dear...
> we couldn't allocate a port for RTP instance '0x8909438'
> [Jan 4 21:25:49] NOTICE[1344]: chan_sip.c:23337 handle_request_invite:
> Failed to authenticate device
> "306"<sip:[email protected]>;tag=3330360132363436373735323230
> [Jan 4 21:25:49] ERROR[1344]: res_rtp_asterisk.c:570 ast_rtp_new: Oh dear...
> we couldn't allocate a port for RTP instance '0x890ba78'
> [Jan 4 21:25:49] NOTICE[1344]: chan_sip.c:23337 handle_request_invite:
> Failed to authenticate device
> "307"<sip:[email protected]>;tag=33303701323431383731383932
> [Jan 4 21:25:49] ERROR[1344]: res_rtp_asterisk.c:570 ast_rtp_new: Oh dear...
> we couldn't allocate a port for RTP instance '0x890dcd8'
> [Jan 4 21:25:50] NOTICE[1344]: chan_sip.c:23337 handle_request_invite:
> Failed to authenticate device
> "308"<sip:[email protected]>;tag=3330380132343836303037313837
> [Jan 4 21:25:50] ERROR[1344]: res_rtp_asterisk.c:570 ast_rtp_new: Oh dear...
> we couldn't allocate a port for RTP instance '0x890f528'
> [Jan 4 21:25:50] NOTICE[1344]: chan_sip.c:23337 handle_request_invite:
> Failed to authenticate device
> "309"<sip:[email protected]>;tag=3330390131333738393630373531
> [Jan 4 21:25:50] ERROR[1344]: res_rtp_asterisk.c:570 ast_rtp_new: Oh dear...
> we couldn't allocate a port for RTP instance '0x8911790'
> [Jan 4 21:25:50] NOTICE[1344]: chan_sip.c:23337 handle_request_invite:
> Failed to authenticate device
> "310"<sip:[email protected]>;tag=3331300131303735393534373639
> [Jan 4 21:25:50] ERROR[1344]: res_rtp_asterisk.c:570 ast_rtp_new: Oh dear...
> we couldn't allocate a port for RTP instance '0x8912fe0'
> [Jan 4 21:25:50] NOTICE[1344]: chan_sip.c:23337 handle_request_invite:
> Failed to authenticate device
> "311"<sip:[email protected]>;tag=3331310132383934373035383636
> [Jan 4 21:25:50] ERROR[1344]: res_rtp_asterisk.c:570 ast_rtp_new: Oh dear...
> we couldn't allocate a port for RTP instance '0x8914830'
> [Jan 4 21:25:50] NOTICE[1344]: chan_sip.c:23337 handle_request_invite:
> Failed to authenticate device
> "312"<sip:[email protected]>;tag=33313201313439373439313831
> [Jan 4 21:25:50] ERROR[1344]: res_rtp_asterisk.c:570 ast_rtp_new: Oh dear...
> we couldn't allocate a port for RTP instance '0x8916e68'
> [Jan 4 21:25:50] NOTICE[1344]: chan_sip.c:23337 handle_request_invite:
> Failed to authenticate device
> "313"<sip:[email protected]>;tag=3331330133373231383036373539
>
>
> Is there a way to auto-magically block these attempts?
>
> many thanks,
> Shamus
> _______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> [email protected].
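
An added example, not part of the original thread and not AstLinux or Adaptive Ban code: a log check that flags bursts of failed INVITEs cycling through extensions, as in the quoted log, and reports the From-header host only as a claimed value, since the reply above notes it may be spoofed. The function names, thresholds, default year and sample addresses are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the thread. 192.0.2.10 and
# 198.51.100.7 are documentation addresses standing in for From-header hosts.
SAMPLE_LOG = """\
[Jan 4 21:25:49] ERROR[1344]: res_rtp_asterisk.c:570 ast_rtp_new: Oh dear... we couldn't allocate a port for RTP instance '0x0000001'
[Jan 4 21:25:49] NOTICE[1344]: chan_sip.c:23337 handle_request_invite: Failed to authenticate device "306"<sip:306@192.0.2.10>;tag=c0ffee01
[Jan 4 21:25:49] NOTICE[1344]: chan_sip.c:23337 handle_request_invite: Failed to authenticate device "307"<sip:307@192.0.2.10>;tag=c0ffee02
[Jan 4 21:25:50] NOTICE[1344]: chan_sip.c:23337 handle_request_invite: Failed to authenticate device "308"<sip:308@192.0.2.10>;tag=c0ffee03
[Jan 4 21:25:50] NOTICE[1344]: chan_sip.c:23337 handle_request_invite: Failed to authenticate device "309"<sip:309@192.0.2.10>;tag=c0ffee04
[Jan 4 21:40:00] NOTICE[1344]: chan_sip.c:23337 handle_request_invite: Failed to authenticate device "200"<sip:200@198.51.100.7>;tag=c0ffee05
"""

FAIL_RE = re.compile(
    r'^\[(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\]: chan_sip\.c:\d+ '
    r'handle_request_invite: Failed to authenticate device '
    r'(?:"[^"]*")?\s*<sip:(?P<user>[^@>]+)@(?P<host>[^>;:]+)')

def parse_failures(text, year=2014):
    """Return (timestamp, user, claimed_host) per failed-INVITE line.
    The log carries no year, so one is assumed."""
    out = []
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["user"], m["host"]))
    return out

def enumeration_bursts(failures, window=timedelta(seconds=10), min_users=4):
    """Map claimed host -> most distinct users tried inside one window.
    The host comes from the From header, so treat it as an alert key,
    not as a verified source address to firewall."""
    by_host = {}
    for ts, user, host in failures:
        by_host.setdefault(host, []).append((ts, user))
    flagged = {}
    for host, events in by_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[host] = max(len(users), flagged.get(host, 0))
    return flagged
```
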
