Hi list,
I would like to now what is the sense of such type of entry in security.log
[2019-09-27 15:12:24] SECURITY[26964] res_security_log.c:
SecurityEvent="ChallengeSent",EventTV="2019-09-27T15:12:24.181+0200",Severity="Informational",Servic
e="PJSIP",EventVersion="1",AccountID="<unknown>",
SessionID="56b0ca9-d967a90d16411209-a1b0fae1@188.165.222.17",LocalAddress="IPV4/UDP/<MyAddress>/5060",
RemoteAddress="IPV4/UDP/<attackerIP>/5213",Challenge=""
We have a lot of such tries coming from IPs not allowed and fail2ban
fail to ban them because of SecurityEvent not treated and Severity
Informational.
We add a fail2ban filter to ban those IPs which is OK on our side but
also means that attacker knows that account is not existing.
Any comment appreciate
Best Regards
--
Daniel
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
