similar to: Security AccountID unknown - PJSIP

Displaying 20 results from an estimated 200 matches similar to: "Security AccountID unknown - PJSIP"

2019 Sep 30
2
Security AccountID unknown - PJSIP
Le 30/09/2019 à 11:45, Joshua C. Colp a écrit : > On Fri, Sep 27, 2019, at 11:31 AM, Administrator TOOTAI wrote: >> Hi list, >> >> I would like to now what is the sense of such type of entry in security.log >> >> [2019-09-27 15:12:24] SECURITY[26964] res_security_log.c: >>
2015 Jan 08
4
SEMI OFF-TOPIC - Fail2ban
Hi list , someone on the list has seen this type of connection attempts in asterisk, fail2ban does not stop 2015-01-08 14:59:47] SECURITY[21515] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at
2019 Nov 27
2
Faxes stopped working - AMI issue?
I recently upgraded from Asterisk 13.19 to 16.6.1. Everything is working fine with a few minor tweaks except outgoinf fax. Incoming works fine. I do outgoing faxing through an AMI call. Here is the output from the security log: [Nov 27 06:16:05] SECURITY[101222] res_security_log.c:
2017 Mar 01
3
fail2ban Asterisk 13.13.1
Hello, fail2ban does not ban offending IP. NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong password NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' failed for ?offending-IP:53911' - Wrong password systemctl status
2015 Jan 09
0
SEMI OFF-TOPIC - Fail2ban
Hello; Did you remember to uncomment the dateformat in /etc/asterisk/logger.conf? That's necessary for fail2ban to work. Logger.conf [general] dateformat=%F %T Regards; John -----Original Message----- From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of ricky gutierrez Sent: Thursday, January 08, 2015 4:38 PM To: Asterisk
2015 Jan 09
0
SEMI OFF-TOPIC - Fail2ban
On 01/08/2015 11:37 PM, ricky gutierrez wrote: > Hi list , someone on the list has seen this type of connection > attempts in asterisk, fail2ban does not stop > > 2015-01-08 14:59:47] SECURITY[21515] res_security_log.c: >
2015 Sep 13
4
Fail2ban
Hello I'm using the Fail2ban. I configuration below. I want to try to prevent the continuous password. Fail2ban password that does not prevent this form. (Asterisk 1.8 / Elastix interface) What could be the problem ? Asterisk log; "Registration from '<sip:3060 at sip.x.eu;transport=UDP>' failed for 'x.x.x.x:32956' - Wrong password" Fail2ban asterisk
2013 Jul 08
1
Asterisk 11 security log, fail2ban, drive-by SIP attacks
Just a note that I did a little work to extend FreePBX distro with some extra Fail2Ban which deals with some drive-by SIP registration attempts. My regex is poor to middling, but the steps detailed here: http://www.coochey.net/?p=61 manage to stop IPs which try to authenticate against Asterisk which FreePBX were not able to stop before. I would welcome any improvements anyone would care to
2015 Jan 09
2
SEMI OFF-TOPIC - Fail2ban
2015-01-09 3:53 GMT-06:00 Stefan Gofferje <lists at home.gofferje.net>: > > Do you really want to detect "ChallengeSent"? That should occur also on > legitimate login processes... > Hi , strange thing is that I still have not this asterisk in production and I see many attempts Connection. Now keep in mind that when a connection of authentication is successful the
2017 Mar 02
3
fail2ban Asterisk 13.13.1
If this is a small site, I recommend you download the free version of SecAst (www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does NOT use the log file, or regexes, to match etc.instead it talks to Asterisk through the AMI to extract security information. Messing with regexes is a losing battle, and the lag in reading logs can allow an attacker 100+ registration
2018 May 17
2
Decoding SIP register hack
I need some help understanding SIP dialog. Some actor is trying to access my server, but I can't figure out what he's trying to do ,or how. I'm getting a lot of these warnings. [May 17 10:08:08] WARNING[1532]: chan_sip.c:4068 retrans_pkt: Retransmission timeout reached on transmission _zIr9tDtBxeTVTY5F7z8kD7R.. for seqno 101 With SIP DEBUG I tracked the Call-ID to this INVITE :
2015 Sep 14
2
Fail2ban
I solved the problem. "action.d/iptables-custom.conf" include only udp. service fail2ban restart Thank you. On Sun, Sep 13, 2015 at 9:17 PM, Andres <andres at telesip.net> wrote: > On 9/13/15 11:16 AM, Gokan Atmaca wrote: >> >> Hello >> >> I'm using the Fail2ban. I configuration below. I want to try to >> prevent the continuous password.
2017 Mar 26
2
Manager events showing in CLI
Hi Ron, I don't remember right now, but you can try this command: cli> manager set debug off Cheers El 26 mar. 2017 3:58, "Telium Technical Support" <support at telium.ca> escribi?: I somehow cause AMI events to appear as output in the CLI, and I can?t figure out how to turn them off. Can someone offer a command which will suppress AMI events/commands from showing in
2017 Mar 26
2
Manager events showing in CLI
Ok, Please, check your manager.conf and logger.conf for any clue about debugging options, into the Asterisk configuration directory. El 26 mar. 2017 14:52, "Telium Technical Support" <support at telium.ca> escribi?: > I tried that but it had no effect. Still see things like: > > > > [2017-03-26 13:49:39] DEBUG[2088]: manager.c:5693 match_filter: Examining >
2013 Mar 15
0
No subject
SecurityEvent="ChallengeSent",EventTV="1367741794-435078",Severity="Informat ional",Service="SIP",EventVersion="1",AccountID="sip:venu at 192.168.0.35",Sess ionID="0x337bf68",LocalAddress="IPV4/UDP/10.10.1.3/5060",RemoteAddress="IPV4 /UDP/192.168.1.90/5060",Challenge="41cdcd16" ^^^ The other
2018 May 17
3
Decoding SIP register hack
On 05/17/2018 11:38 AM, Frank Vanoni wrote: > On Thu, 2018-05-17 at 11:18 -0400, sean darcy wrote: > >> 3. How do I set up the server to block these ? >> >> 4. Can I stop the retransmitting of the 401 Unauthorized packets ? > > I'm happy with Fail2Ban protecting my Asterisk 13. Here is my > configuration: > > in /etc/asterisk/logger.conf: > >
2015 Jan 09
0
SEMI OFF-TOPIC - Fail2ban
I'd suggest taking a look at the free edition of SecAst (www.generationd.com). It handles these messages perfectly (and can also use AMI security events) - so you don't need to constantly be updating fail2ban rules. It's a drop in replacement for fail2ban. -M- P.S. My opinions are my own and do not necessarily represent those of my employer. As an employee of Generation D
2024 May 22
2
OpenSSH server doesn't log client disconnect without SSH_MSG_DISCONNECT
On Tue, 21 May 2024, Opty wrote: > Hello, > > can anyone confirm that OpenSSH server doesn't log client disconnect > without SSH_MSG_DISCONNECT? OpenSSH logs the disconnection regardless of whether the client sends SSH_MSG_DISCONNECT or just drops the connection. A little more information may be logged from the disconnect packet if it was sent, but there should always be a
2012 Dec 06
6
How to allow the user to user their own domain name
HI All, I am currently having feature where my users to have a subdomain for their account like xxx.myaddress.com,yyy.myaddress.com these will point to the corresponding users . How can I implement the feature where user can enter their own domain name instead of sub domain? regards, Loganathan Mob: +91 7760780741 | +91 9944414388 Skype: loganathan.sellappa ViewMe
2013 Jun 20
0
Would a DOS on dovecot running under a VM cause host to crash?
Hey All, I'm just wondering whether this is what caused my server to crash. Started last night in NZ land. Jun 20 19:22:11 elm dovecot: imap-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=attackerip, lip=10.0.0.3, session=<0C8LzpDfZQDINsQC> occasionally get Jun 20 19:22:52 elm dovecot: imap-login: Disconnected (no auth attempts in 1 secs):