I see MANY of these in my log files: [Jan 15 03:06:12] NOTICE[14129] chan_sip.c: Registration from '"202" <sip:202 at X:5060>' failed for '37.8.12.147:26832' - Wrong password [Jan 15 03:06:19] NOTICE[14129] chan_sip.c: Registration from '"5001" <sip:5001 at X:5060>' failed for '37.8.12.147:21268' - Wrong password [Jan 15 03:06:23] NOTICE[14129] chan_sip.c: Registration from '"30" <sip:30 at X:5060>' failed for '37.8.12.147:21270' - Wrong password [Jan 15 03:06:48] NOTICE[14129] chan_sip.c: Registration from '"70" <sip:70 at X:5060>' failed for '37.8.12.147:21328' - Wrong password [Jan 15 03:06:50] NOTICE[14129][C-00000085] chan_sip.c: Call from '' ( 8.33.7.110:5103) to extension '889011972592735467' rejected because extension not found in context 'default'. [Jan 15 03:06:56] NOTICE[14129] chan_sip.c: Registration from '"4" <sip:4 at X:5060>' failed for '37.8.12.147:21272' - Wrong password [Jan 15 03:07:11] NOTICE[14129] chan_sip.c: Registration from '"12001" <sip:12001 at X:5060>' failed for '37.8.12.147:5060' - Wrong password [Jan 15 03:34:02] NOTICE[14129][C-00000086] chan_sip.c: Call from '' ( 172.246.236.90:5078) to extension '8889011972595301123' rejected because extension not found in context 'default'. What is the "correct" way to block these idiots so they don't even get this far. Thanks, Jerry -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140118/c2a6b249/attachment.html>
On Sat, 18 Jan 2014, Jerry Geis wrote:> I see MANY of these in my log files: > > [Jan 15 03:06:12] NOTICE[14129] chan_sip.c: Registration from '"202" <sip:202 at X:5060>' failed for '37.8.12.147:26832' - Wrong password > > What is the "correct" way to block these idiots so they > don't even get this far.Use iptables to allow packets from your legitimate users, block everybody else. If you are dealing with a mobile user base or an extensive geographic area, at least block the countries where you do not expect traffic -- North Korea, China, xxxistan, etc. Drop these at the front door (90% of the problem) and use fail2ban to pick off the rest. -- Thanks in advance, ------------------------------------------------------------------------- Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000
Reasonably Related Threads
- [1.8] Unable to Register: Registration denied because of contact ACL
- problem with polarity reverse
- Failed to terminate process X with SIGKILL: Device or resource busy
- Confusing Contexts using AMP
- Rsync 3.0.5 sometimes hangs copying local disk to other local disk (Solaris 9)