mosbah abdelkader
2010-Aug-01 21:27 UTC
[asterisk-users] fail2ban does not work for my asterisk installation
The failregex statement in my jail.conf file is:

failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' (from <HOST>)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)

This is a log entry in /var/log/asterisk/full that shows the scan being performed:

2010-08-01 07:00:13 NOTICE[22540] chan_sip.c: Registration from '"123456"<sip:123456@************>' failed for '193.158.62.48' - ACL error (permit/deny)

The problem is that fail2ban does not detect this attack that was performed for an amount of time of about half an hour. Please help me identify the problem.
Randy R
2010-Aug-02 01:40 UTC
[asterisk-users] fail2ban does not work for my asterisk installation
On Sun, Aug 1, 2010 at 2:27 PM, mosbah abdelkader <mosbah.abdelkader at gmail.com> wrote:
> The failregex statement in my jail.conf file is:

Aren't the regex supposed to be in filters/myjail.conf? Are you testing the regex with the fail2ban-regex client? Maybe you need to avoid some of the quotes and simplify the expressions, then play with the regex tests.

/r
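An offline check in the spirit of the regex testing suggested above, as an added example that is not part of the original thread: it runs two of the posted patterns, as they appear in this archive, against the posted log line, next to a constructed variant with the parentheses escaped. The `HOST` stand-in for fail2ban's `<HOST>` tag, the `example.invalid` domain and the escaped pattern are assumptions made for the illustration.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# substitution is more elaborate; this accepts an IPv4 address or hostname).
HOST = r"(?P<host>[\w\-.]+)"

# Constructed sample: the log line from the post, with the masked domain
# replaced by the placeholder example.invalid.
LOG_LINE = ("2010-08-01 07:00:13 NOTICE[22540] chan_sip.c: Registration from "
            "'\"123456\"<sip:123456@example.invalid>' failed for "
            "'193.158.62.48' - ACL error (permit/deny)")

# Two of the patterns exactly as they appear in the archived post.
AS_POSTED = [
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)",
]

# Constructed variant of the ACL pattern: parentheses escaped so the regex
# engine treats them as literal characters instead of a capture group.
ESCAPED = (r"NOTICE.* .*: Registration from '.*' failed for '<HOST>'"
           r" - ACL error \(permit/deny\)")


def compile_failregex(pattern):
    """Expand the <HOST> tag and compile the pattern."""
    return re.compile(pattern.replace("<HOST>", HOST))


def match_host(pattern, line):
    """Return the captured host if the pattern matches the line, else None."""
    m = compile_failregex(pattern).search(line)
    return m.group("host") if m else None


if __name__ == "__main__":
    for p in AS_POSTED + [ESCAPED]:
        print(f"{match_host(p, LOG_LINE)!s:>15}  <-  {p}")
```

An unescaped `(permit/deny)` is a group that matches the text `permit/deny` without the surrounding parentheses, so that pattern does not match a line containing the literal `(permit/deny)`.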
mosbah abdelkader
2010-Aug-02 19:15 UTC
[asterisk-users] fail2ban does not work for my asterisk installation
Thanks for your reply. My configuration is correct. It works with ssh: many attacks have been stopped. Also, the config has worked for asterisk one time: I have seen that in the fail2ban.log file.
mosbah abdelkader
2010-Aug-03 17:52 UTC
[asterisk-users] fail2ban does not work for my asterisk installation
Thank you doctor whom, It is working for me now.