Dave George
2010-Dec-25 23:04 UTC
[asterisk-users] sip attack.. fail2ban not stopping attack
My server is being attached all day and fail2ban is not stopping the attack. I updated stamstamp to match fail2ban requirements. [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 handle_request_register: Registration from '"7002" <sip:7002 at x.x.x.x>' failed for '38.108.40.94' - No matching peer found [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 handle_request_register: Registration from '"7002" <sip:7002 at x.x.x.x>' failed for '38.108.40.94' - No matching peer found [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 handle_request_register: Registration from '"7002" <sip:7002 at x.x.x.x>' failed for '38.108.40.94' - No matching peer found [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 handle_request_register: Registration from '"7002" <sip:7002 at x.x.x.x>' failed for '38.108.40.94' - No matching peer found [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 handle_request_register: Registration from '"7002" <sip:7002 at x.x.x.x>' failed for '38.108.40.94' - No matching peer found [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 handle_request_register: Registration from '"7002" <sip:7002 at x.x.x.x>' failed for '38.108.40.94' - No matching peer found [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 handle_request_register: Registration from '"7002" <sip:7002 at x.x.x.x>' failed for '38.108.40.94' - No matching peer found [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 handle_request_register: Registration from '"7002" <sip:7002 at x.x.x.x>' failed for '38.108.40.94' - No matching peer found [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 handle_request_register: Registration from '"7002" <sip:7002 at x.x.x.x>' failed for '38.108.40.94' - No matching peer found [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 handle_request_register: Registration from '"7002" <sip:70 Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20101225/4a1d3cf9/attachment.htm>
Nick Ustinov
2010-Dec-25 23:24 UTC
[asterisk-users] sip attack.. fail2ban not stopping attack
Make sure you have dateformat=%F %T in logger.conf On Sun, Dec 26, 2010 at 1:04 AM, Dave George <dgeorge at teletoneinc.com> wrote:> My server is being attached all day and fail2ban is not stopping the > attack. I updated stamstamp to match fail2ban requirements. > > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 > handle_request_register: Registration from '"7002" ' > failed for '38.108.40.94' - No matching peer found > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 > handle_request_register: Registration from '"7002" ' > failed for '38.108.40.94' - No matching peer found > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 > handle_request_register: Registration from '"7002" ' > failed for '38.108.40.94' - No matching peer found > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 > handle_request_register: Registration from '"7002" ' > failed for '38.108.40.94' - No matching peer found > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 > handle_request_register: Registration from '"7002" ' > failed for '38.108.40.94' - No matching peer found > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 > handle_request_register: Registration from '"7002" ' > failed for '38.108.40.94' - No matching peer found > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 > handle_request_register: Registration from '"7002" ' > failed for '38.108.40.94' - No matching peer found > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 > handle_request_register: Registration from '"7002" ' > failed for '38.108.40.94' - No matching peer found > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 > handle_request_register: Registration from '"7002" ' > failed for '38.108.40.94' - No matching peer found > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830 > handle_request_register: Registration from '"7002" > Dave > > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > ? ? ? ? ? ? ? http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > ? http://lists.digium.com/mailman/listinfo/asterisk-users >
Daniel Tryba
2010-Dec-27 10:16 UTC
[asterisk-users] sip attack.. fail2ban not stopping attack
On Sat, Dec 25, 2010 at 04:04:59PM -0700, Dave George wrote:> My server is being attached all day and fail2ban is not stopping the > attack. I updated stamstamp to match fail2ban requirements.How about posting your fail2ban config? -- Daniel Tryba