> fail2ban is most useful for blocking registration attempts. I
> handle
> non-registration call attempts by allowing guests, point them to a
> jail
> context, which runs Log(WARNING,fail2ban='${CHANNEL(peerip)}') I
> set a
> fail2ban rule to match that line logged from Asterisk.
Thanks
IMHO, manual IP-tables is probably better for those who have a single
provider - whitelist only your SIP trunk provider's IP adress (or address
pool). But... that leads onto a train of thought that might help.
First, realize you don't have to manually read your security logs, you can
script that
On 01/02/2018 05:30 PM, sean darcy wrote:
On 12/30/2017 08:18 PM, Dovid Bender wrote:
Script kiddies trying to find vulnerable systems that they can make
calls on. Lock down the box with iptables and use fail2ban to block
them. The via is probably bogus unless a box at the DoD was comprimised
On 12/30/2017 08:18 PM, Dovid Bender wrote:
Script kiddies trying to find vulnerable systems that they can make
calls on. Lock down the box with iptables and use fail2ban to block
them. The via is probably bogus unless a box at the DoD was comprimised.
On Sat, Dec 30, 2017 at 6:49 PM, sean d
On 12/30/2017 08:10 PM, Antony Stone wrote:
On Sunday 31 December 2017 at 00:49:17, sean darcy wrote:
I've been getting a lot of timeouts on non-critical invite transactions.
So how is someone on a Dutch ISP using my server to mess with a US DoD
ip address ?
What's your setting for "allowg
Script kiddies trying to find vulnerable systems that they can make calls
on. Lock down the box with iptables and use fail2ban to block them. The via
is probably bogus unless a box at the DoD was comprimised.
On Sat, Dec 30, 2017 at 6:49 PM, sean darcy wrote:
> I've been getting a lot of timeo
On Sunday 31 December 2017 at 00:49:17, sean darcy wrote:
> I've been getting a lot of timeouts on non-critical invite transactions.
> So how is someone on a Dutch ISP using my server to mess with a US DoD
> ip address ?
What's your setting for "allowguest" (under [general]) in
/etc/asterisk/si
I've been getting a lot of timeouts on non-critical invite transactions.
I turned on sip debug. They were the result of SIP invites like this:
Retransmitting #10 (NAT) to 185.107.94.10:13057:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
215.45.145.211:5060;branch=z9hG4bK-524287-1---zg4cfkl50hpwpv4
