search for: srcip

Hi all, I need my servers to decide which network they are in (i.e. dmz), and the only clue is the servers IP-address. I was trying to accomplish it like this, but it doesn''t work: case $ipaddress { "10.1.1.*": { $network = "net1" } "10.2.2.*.*": { $network = "net2" } "10.3.3.*": {

I am currently suffering various SIP attacks. I am using the following extension to record the caller's IP address: exten => h,n,set(CDR(srcip)=${CHANNEL(recvip)}) However, in recent attacks, this IP address is not correct, and I believe that they are spoofing it. I am using asterisk 1.6.2.15. Does the CHANNEL(recvip) variable record IP show in the SIP header instead of the real, UDP source IP? If the CHANNEL(recvip) variable records th...

...ess is terminated. The error is as below: rsync: connection unexpectedly closed (1804855 bytes received so far) [receiver] rsync: connection unexpectedly closed (39 bytes received so far) [generator] The rsync command line is given as below: rsync --timeout=60 srcIp::path/file.tar.gz destPath/destFile On looking into the code, i found the comment saying that expecting an EOF over a network is wrong. Hence a wait for 10 seconds is done and then the connection is terminated. Does the increase in the time to a higher value solve this proble...

...r: bugzilla-nf20180726 at ta.grue.cc I have the same rules under both 4.9.111 and 4.8.3. The 4.8.3 kernel works as expected but not under 4.9.111. The rules are as follows: 4.8.3: [825033:522252112] -A m.voip.asterisk.reg -m hashlimit --hashlimit-upto 100/min --hashlimit-burst 70 --hashlimit-mode srcip,dstport --hashlimit-name m.voip.sip_r_li -j ACCEPT [366031:149053285] -A m.voip.asterisk.reg -m limit --limit 5/sec -j LOG --log-prefix "FW: SIP.REG LIMIT IN: " --log-level 6 [49357657:18457587442] -A m.voip.asterisk.reg -j DROP 4.9.111: [44798:20928681] -A m.voip.asterisk.reg -m hashlim...

...--------- <Date>03/06/2006 13:58:36.374</Date> <Cluster>CO-CCMPUB-01-Cluster</Cluster> <CMHost>10.101.66.10</CMHost> <TraceType>Trace</TraceType> <CTag>2,100,114,1.347</CTag> <SrcDev>10.66.101.10</SrcDev> <SrcIp>INVITE</SrcIp> <CTMapKey /> <CTMapVal /> <info>Cisco CallManagerDigit analysis: wait_DaReq - cepn=[] BlockFlag=[1]</info> </trace> - <trace> <Date>03/06/2006 13:58:36.374</Date> <Cluster>CO-CCMPUB-01-Cluster</Cluster...

...installed (/opt/openssh/bin), and also inserting /bin (which the telnet session lacked) SSH: PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/openssh/bin:/usr/ccs/bin Telnet: PATH=/usr/bin:/usr/sbin:/usr/ccs/bin + Only the SSH session contains: SSH_TTY=/dev/pts/xx SSH_CONNECTION="srcIP srcport dstIP dstport" SSH_CLIENT="srcIP srcport dstport" USER=jlibove + The MAIL variable in the SSH session has an extra '/' in it: MAIL=/var/mail//jlibove compared to the telnet session MAIL=/var/mail/jlibove None of these seem critical, though the M...

...ace the binary takes to execute..so i cant go for the latest rsync version because of the space constraint. I have mentioned the rsync commmand line options used and the error thrown by rsync below for your reference. Rsync Command: rsync -aI --stats --copy-links --temp-dir=/tmp/ --timeout=55 srcIp::srcPath/srcFile destPath/destFile Error Given: io timeout after 55 second - exiting Can any bode help me or pointer me as to how can this problem of timeout be avoided ? That would be really thankful. Thanks and Regards, Vijay Ram.C -------------- next part -------------- HTML attachment scr...

I want to add an entry to a database every time a brute force registration attempt is done. from this database we are updating cisco routers with our ban list so our entire network is protected. The database side of things is working and has been for some time. I really would like to add the file2ban side of it to protect our asterisk system better. How would I best go about doing this

...G module, "NETFILTER drop ", it ends up getting mangled to "--log-prefix". excerpt from a file I feed to iptables-restore: -A LDROP -d 255.255.255.255/32 -p udp -j DROP -A LDROP -d 77.223.39.255/32 -p udp -j DROP -A LDROP -m hashlimit --hashlimit-above 1/min --hashlimit-mode srcip,dstip --hashlimit-burst 1 --hashlimit-name logldrop --hashlimit-htable-expire 60000 -j DROP -A LDROP -m limit --limit 5/s -j LOG --log-prefix "NETFILTER drop " --log-tcp-options --log-ip-options --log-uid --log-macdecode -A LDROP -j DROP iptables-restore succeeds. then: # iptables -nvx...

...0;40m\00040m", '\0' <repeats 44 times> tmp2 = "\e[1;35;40mSIP/000b82027e34-0205\e[0;37;40m", '\0' <repeats 38 times> tmp3 = "\e[1;35;40mzap/g1/00551138856342|120|rtS(10883)\e[0;37;40m\000accountcode:102190|UserID:3456|src:33225075|srcip:217.157.177.77|ConnectPrice:30|PeakPrice:60|RateID:55|CustomerID:30001|DestNameInt:Brazil_S?o"... #7 0x08078c74 in ast_pbx_run (c=0x43a45fa8) at pbx.c:1879 digit = 0 '\0' exten = '\0' <repeats 255 times> pos = 0 waittime = 1180700108...

...sed by the same CPU, and configure process scheduling to tie a single NSD server process to each of those CPUs. (Too complex for us! And of course this has it's drawbacks, too, wrt load distribution at least. And unfortunately our Intel igb NICs only can choose the receive queue based on IPv4 srcip,dstip tuples but all IPv6 packets end up always in the same queue.) FWIW, the unblocking seems to be triggered every time by this, around line 425 of rrl.c from nsd-3.2.16: ----- } else if(now - b->stamp > 0) { /* older bucket */ int olderblock = used_...

...ce/con fig/Profile/WorkingDirectory/temp1.txt 50 -rwx------ 1 corview corview 258959 Apr 27 2006 ./ricEMS/corView/resource/ config/Profile/WorkingDirectory/jta25b.jar 51 -rwx------ 1 corview corview 245 Feb 5 2007 ./ricEMS/corView/resource/con fig/Profile/WorkingDirectory/flt-arp-rep-srcip-deny-ruleid.txt As we see some files show up twice in find. For e.g, jta25b.jar is shown in line 50 (actual place) and in line 38 (bogus) -bash-3.00$ pwd /home/corview -bash-3.00$ find . -name jta25b.jar ./ricEMS/corView/resource/config/Profile/WorkingDirectory/jta25b.jar -bash-3.00$ How is this...

Hello, list members, can i limit pps rate with linux? How? -m limit does not fit, as i understood: it can help with low rates only (is that true? any suggestions?) Thank you, -- _,-=._ /|_/| `-.} `=._,.-=-._., @ @._, `._ _,-. ) _,.-'' ` G.m-"^m`m'' Dmytro O. Redchuk

When we designed our systems on asterisk we designed it to me multi-tenant. Se we use customer prefixes on all extensions. This allows us to have multiple customers using the same extension pools. It also reduces the hack foot print as hackers must know the prefix for a customer to try and brute force things. All passwords use 8+ characters with alfa/numeric and special characters. As I see

Hi all, 2012/2/29 Tom Swirly <tom at swirly.com>: > On Wed, Feb 29, 2012 at 11:29 AM, Raymond Lutz <raylutz at cognisys.com> wrote: >> >> This is absolutely not "off-topic" and if this list will not support this >> VERY IMPORTANT discussion, then I will be happy to host the discussion on a >> different list for those who are interested. I have been

--------------eth0---80.48.56.70---------- -------------80.48.56.65 ISP | my | router1 | | | linux | | | router2 ------------eth1---192.168.200.10----- ----------------192.168.1.1 ISP I''ve two ip from my isp one public and one internal. ISP have two routers router1 is gw for public ip and router2 is gw for internal