Displaying 20 results from an estimated 1000 matches similar to: "Asterisk 11 security log, fail2ban, drive-by SIP attacks"
2015 Jan 08
4
SEMI OFF-TOPIC - Fail2ban
Hi list, someone on the list has seen this type of connection
attempts in asterisk, fail2ban does not stop
2015-01-08 14:59:47] SECURITY[21515] res_security_log.c:
SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at
2017 Mar 01
3
fail2ban Asterisk 13.13.1
Hello, fail2ban does not ban offending IP.
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong
password
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53911' -
Wrong password
systemctl status
2015 Sep 13
4
Fail2ban
Hello
I'm using the Fail2ban. I configuration below. I want to try to
prevent the continuous password. Fail2ban password that does not
prevent this form. (Asterisk 1.8 / Elastix interface)
What could be the problem?
Asterisk log;
"Registration from '<sip:3060 at sip.x.eu;transport=UDP>' failed for
'x.x.x.x:32956' - Wrong password"
Fail2ban asterisk
2013 Mar 11
2
Centos 6.4 - yum update gives: Error: kernel conflicts with bfa-firmware
On trying a yum update I get the following error:
Error: kernel conflicts with bfa-firmware
yum suggests I work around the problem with --skip-broken or try running
'rpm -Va --nofiles --nodigest'
Is there an accepted process for resolving this?
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles at
2013 Aug 22
1
Load goes up imap-login
Every so often recently I've seen the load on my heavily under-used
dovecot server (1 mailbox) rise up to 1
A top shows imap-login to be causing the issue.
I have checked /var/log/secure, /var/log/maillog, /var/log/messages and
cannot see anything unusual.
Anybody else seen something like this?
# 2.2.5: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.14.1.el6.x86_64 x86_64 CentOS release
2017 Mar 02
3
fail2ban Asterisk 13.13.1
If this is a small site, I recommend you download the free version of SecAst
(www.telium.ca <http://www.telium.ca>) and replace fail2ban. SecAst does
NOT use the log file, or regexes, to match etc. Instead it talks to Asterisk
through the AMI to extract security information. Messing with regexes is a
losing battle, and the lag in reading logs can allow an attacker 100+
registration
2013 Jun 27
1
Setting up softflowd - set promiscuous or not?
Hi List,
I'm in the process of setting up softflowd 0.9.9 on a Centos 6.4 system
(compiled from source tarball).
The daemon will listen to an unused interface that is receiving port
mirrored traffic (a.la. Span port)
I am planning on using the softflowd init script and sysconfig file
provided in the tar ball.
Do I need to manually put the unused interface into promiscuous mode, or
2015 Sep 14
2
Fail2ban
I solved the problem. "action.d/iptables-custom.conf" include only udp.
service fail2ban restart
Thank you.
On Sun, Sep 13, 2015 at 9:17 PM, Andres <andres at telesip.net> wrote:
> On 9/13/15 11:16 AM, Gokan Atmaca wrote:
>>
>> Hello
>>
>> I'm using the Fail2ban. I configuration below. I want to try to
>> prevent the continuous password.
2015 Jun 03
3
sedwards@sedwards.com causes me to be knocked off the list
Someone on this list uses the address @sedwards.com
I doubt this is their actual email address as there is no MX record for
sedwards.com and I can't find registration for their domain either.
Part of my mail servers reject these emails because they cannot be
replied to, or are likely to be spam.
Every so often I get a mail from the list management to say that I've
been unsubscribed
2015 Jan 05
0
Hardware raid LSI Megaraid not working since Centos 6.6
On 05/01/2015 15:14, Philippe BOURDEU d'AGUERRE wrote:
> Happy new year !
>
> We have a SuperMicro server with a LSI MegaRAID 9260-4i controller.
>
> Since Centos 6.6 update (kernel 2.6.32-504), the controller doesn't
> initialize at boot. Reverting to kernel 2.6.32-431 allows server to
> boot fine.
>
I have a similar system, and don't have your problem:
#
2018 May 17
2
Decoding SIP register hack
I need some help understanding SIP dialog. Some actor is trying to
access my server, but I can't figure out what he's trying to do, or how.
I'm getting a lot of these warnings.
[May 17 10:08:08] WARNING[1532]: chan_sip.c:4068 retrans_pkt:
Retransmission timeout reached on transmission
_zIr9tDtBxeTVTY5F7z8kD7R.. for seqno 101
With SIP DEBUG I tracked the Call-ID to this INVITE :
2019 Jun 06
2
Fail2ban for asterisk 16 PJSIP
Hello
Anyone have a working copy of Fail2ban asterisk filter asterisk.conf
for Asterisk 16 running PJSIP.
I have tried 10 different filters but none of them show any matches when testing with
fail2ban-regex
I see date template hits but no matches....
My log
[2019-06-06 15:37:20] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at
2019 Sep 27
2
Security AccountID unknown - PJSIP
Hi list,
I would like to know what is the sense of such type of entry in security.log
[2019-09-27 15:12:24] SECURITY[26964] res_security_log.c:
SecurityEvent="ChallengeSent",EventTV="2019-09-27T15:12:24.181+0200",Severity="Informational",Service="PJSIP",EventVersion="1",AccountID="<unknown>",
2012 Mar 12
1
Extracting mbox format from Dovecot IMAP (mdbox)
Hi,
I'm looking for a quick tool that can connect to my IMAP account grab
all the messages in a particular folder and dump them to a mbox format file?
Anyone know a quick easy tool to do that?
This is a spam folder that I'd like to do some Bayes spam learning on,
but since I've migrated to mdbox I don't think I can do this directly on
the mailbox.
Any thoughts appreciated.
2019 Sep 30
2
Security AccountID unknown - PJSIP
On 30/09/2019 at 11:45, Joshua C. Colp wrote:
> On Fri, Sep 27, 2019, at 11:31 AM, Administrator TOOTAI wrote:
>> Hi list,
>>
>> I would like to know what is the sense of such type of entry in security.log
>>
>> [2019-09-27 15:12:24] SECURITY[26964] res_security_log.c:
>>
2019 Nov 27
2
Faxes stopped working - AMI issue?
I recently upgraded from Asterisk 13.19 to 16.6.1. Everything is
working fine with a few minor tweaks except outgoing fax. Incoming
works fine.
I do outgoing faxing through an AMI call. Here is the output from the
security log:
[Nov 27 06:16:05] SECURITY[101222] res_security_log.c:
2011 Feb 14
1
Sendmail and Dovecot deliver (dovecot-lda)
Hi,
I have a Centos 5 system with sendmail running as my MTA.
Normally I note from sendmail logs that mails get delivered using the
'local' mailer.
I have therefore entered the following into my sendmail.mc file, from an
earlier post on this list:
define(`LOCAL_MAILER_PATH',`/usr/libexec/dovecot/deliver')
define(`LOCAL_MAILER_FLAGS',`DFMPhfnu9')
2015 Jan 09
0
SEMI OFF-TOPIC - Fail2ban
Hello;
Did you remember to uncomment the dateformat in
/etc/asterisk/logger.conf? That's necessary for fail2ban to work.
Logger.conf
[general]
dateformat=%F %T
Regards;
John
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of ricky
gutierrez
Sent: Thursday, January 08, 2015 4:38 PM
To: Asterisk
2015 Jan 09
2
SEMI OFF-TOPIC - Fail2ban
2015-01-09 3:53 GMT-06:00 Stefan Gofferje <lists at home.gofferje.net>:
>
> Do you really want to detect "ChallengeSent"? That should occur also on
> legitimate login processes...
>
Hi, strange thing is that I still have not this asterisk in
production and I see many attempts Connection.
Now keep in mind that when a connection of authentication is
successful the
2017 Mar 26
2
Manager events showing in CLI
Hi Ron,
I don't remember right now, but you can try this command:
cli> manager set debug off
Cheers
On 26 Mar 2017 3:58, "Telium Technical Support" <support at telium.ca>
wrote:
I somehow cause AMI events to appear as output in the CLI, and I can't
figure out how to turn them off. Can someone offer a command which will
suppress AMI events/commands from showing in