[asterisk-users] No matching peers message has gone (1.8.23.1)

Arthur J. Stanfield aj at dmcip.com
Mon Nov 4 09:52:12 CST 2013 

Hi Ish,

I assume you are using Fail2Ban to monitor the logs for dictionary attacks - If so, the following regex should work for 1.8:

Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register



-
Regards,
AJ Stanfield

t: 0161-850-4001
e: aj at dmcip.com
w: http://www.dmcip.com

----- Original Message -----
From: "Ishfaq Malik" <ish at pack-net.co.uk>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users at lists.digium.com>
Sent: Monday, 4 November, 2013 3:36:06 PM
Subject: Re: [asterisk-users] No matching peers message has gone (1.8.23.1)



Hi 


Thanks for the quick response. I'll read all the change logs from now on, I promise! 


Ish 



On 4 November 2013 15:29, Joshua Colp < jcolp at digium.com > wrote: 



Ishfaq Malik wrote: 


Hi 

Ever since we upgraded our asterisk servers to 1.8.23.1, we no longer 
get the 'no matching peer' error when we get a dictionary SIP attack. 

Now the logs always show a 'wrong password' when there actually isn't a 
matching peer. 

We even have alwaysauthreject = yes in our sip.conf. 

Has anyone else noticed this phenomenon? 

This is on purpose. To fix some exposure issues the code was changed to have an internal peer (albeit one that can never successfully be authenticated against) that gets used if no real peer is found. This reduces the chance (by a lot) of the code exposing information in some off nominal cases. 

-- 
Joshua Colp 
Digium, Inc. | Senior Software Developer 
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA 
Check us out at: www.digium.com & www.asterisk.org 

-- 
______________________________ ______________________________ _________ 
-- Bandwidth and Colocation Provided by http://www.api-digital.com -- 
New to Asterisk? Join us for a live introductory webinar every Thurs: 
http://www.asterisk.org/hello 

asterisk-users mailing list 
To UNSUBSCRIBE or update options visit: 
http://lists.digium.com/ mailman/listinfo/asterisk- users 




-- 

Ishfaq Malik 
Department: VOIP Support
Company: Packnet Limited
t: +44 (0)845 004 4994
f: +44 (0)161 660 9825
e: ish at pack-net.co.uk w: http://www.pack-net.co.uk Registered Address: PACKNET LIMITED, Duplex 2, Ducie House
37 Ducie Street 
Manchester, M1 2JW
COMPANY REG NO. 04920552 
-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list