Am 26.09.2014 um 11:18 schrieb Armin Tüting :
> Hello Lonnie,
>
> Thursday, September 25, 2014, 8:55:17 PM, you wrote:
>
> ...
>
>> Would it be possible to capture a SIP packet for each of these cases ? For
>> example:
>> --
>> ngrep -d eth0 -qt -W byline port 5060
>> --
>> or possibly red
Hello Lonnie,
Thursday, September 25, 2014, 8:55:17 PM, you wrote:
...
> Would it be possible to capture a SIP packet for each of these cases ? For
> example:
> --
> ngrep -d eth0 -qt -W byline port 5060
> --
> or possibly redirected to a file for a new minutes and you can then
> ^C and look
Armin,
It would be easy enough for us to add the "Not a local domain" match for the
adaptive ban, our only concern is to make sure this isn't a common
misconfiguration case and cause more problems than it helps.
Would it be possible to capture a SIP packet for each of these cases ? For
exampl
> Hi Armin,
Hi Lonnie,
> 1) Your first "Failed to authenticate device" can't be banned since there is
> no "real" IP address logged, only what is in the sip: header, which can't be
> trusted.
Ok - what other option are available.
...
> Are you seeing this from bad guys ? Or could this be a mi
Hi Armin,
1) Your first "Failed to authenticate device" can't be banned since there is no
"real" IP address logged, only what is in the sip: header, which can't be
trusted.
2) Your second "Not a local domain" could be banned, as this occurs with a
common class of registration errors in Asteris
Hello,
could we get additional rules added to Adaptive Ban so that these
two would match
>Sep2422:10:48 astlinux local0.notice asterisk[14935]:
> NOTICE[14958][C-004d]: chan_sip.c:25639 in
> handle_request_invite:Failedtoauthenticate
