[asterisk-users] Auto ban IP addresses
A J Stiles
asterisk_list at earthshod.co.uk
Thu Jan 3 02:41:23 CST 2013
On Wednesday 02 January 2013, Frank wrote:
> Greetings all,
>
> I have been seeing a lot of
>
> [Jan 2 16:36:31] NOTICE[7519]: chan_sip.c:23149 handle_request_invite:
> Sending fake auth rejection for device
> 100<sip:100 at 108.161.145.18>;tag=2e921697
>
> in my logs lately. Is there a way to automatically ban IP address from
> attackers within asterisk ?
There is a more "general-purpose" way to block IP addresses from which
unwanted traffic is coming: "fail2ban". This scans various logfiles for failed
login attempts, and can insert iptables rules to block the addresses whence
they originate.
On Ubuntu and Debian, just run
$ sudo apt-get install fail2ban
--
AJS
Answers come *after* questions.
More information about the asterisk-users
mailing list