[asterisk-users] No matching peers message has gone (1.8.23.1)

Ishfaq Malik ish at pack-net.co.uk
Mon Nov 4 10:00:02 CST 2013


Hi Arthur

It was a fail2ban based query and fail2ban is still working fine.

I was just trying to find out if the change was intentional or not.

Regards

Ish


On 4 November 2013 15:52, Arthur J. Stanfield <aj at dmcip.com> wrote:

> Hi Ish,
>
> I assume you are using Fail2Ban to monitor the logs for dictionary attacks
> - If so, the following regex should work for 1.8:
>
> Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
> Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching
> peer found
> Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth
> name mismatch
> Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not
> match ACL
> Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not
> supposed to register
>
>
>
> -
> Regards,
> AJ Stanfield
>
> t: 0161-850-4001
> e: aj at dmcip.com
> w: http://www.dmcip.com
>
> ----- Original Message -----
> From: "Ishfaq Malik" <ish at pack-net.co.uk>
> To: "Asterisk Users Mailing List - Non-Commercial Discussion" <
> asterisk-users at lists.digium.com>
> Sent: Monday, 4 November, 2013 3:36:06 PM
> Subject: Re: [asterisk-users] No matching peers message has gone (1.8.23.1)
>
>
>
> Hi
>
>
> Thanks for the quick response. I'll read all the change logs from now on,
> I promise!
>
>
> Ish
>
>
>
> On 4 November 2013 15:29, Joshua Colp < jcolp at digium.com > wrote:
>
>
>
> Ishfaq Malik wrote:
>
>
> Hi
>
> Ever since we upgraded our asterisk servers to 1.8.23.1, we no longer
> get the 'no matching peer' error when we get a dictionary SIP attack.
>
> Now the logs always show a 'wrong password' when there actually isn't a
> matching peer.
>
> We even have alwaysauthreject = yes in our sip.conf.
>
> Has anyone else noticed this phenomenon?
>
> This is on purpose. To fix some exposure issues the code was changed to
> have an internal peer (albeit one that can never successfully be
> authenticated against) that gets used if no real peer is found. This
> reduces the chance (by a lot) of the code exposing information in some off
> nominal cases.
>
> --
> Joshua Colp
> Digium, Inc. | Senior Software Developer
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> Check us out at: www.digium.com & www.asterisk.org
>
> --
> ______________________________ ______________________________ _________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/ mailman/listinfo/asterisk- users
>
>
>
>
> --
>
> Ishfaq Malik
> Department: VOIP Support
> Company: Packnet Limited
> t: +44 (0)845 004 4994
> f: +44 (0)161 660 9825
> e: ish at pack-net.co.uk w: http://www.pack-net.co.uk Registered Address:
> PACKNET LIMITED, Duplex 2, Ducie House
> 37 Ducie Street
> Manchester, M1 2JW
> COMPANY REG NO. 04920552
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>



-- 

Ishfaq Malik
Department: VOIP Support
Company: Packnet Limited
t: +44 (0)845 004 4994
f: +44 (0)161 660 9825
e: ish at pack-net.co.uk
w: http://www.pack-net.co.uk

Registered Address: PACKNET LIMITED, Duplex 2, Ducie House
37 Ducie Street
Manchester, M1 2JW
COMPANY REG NO. 04920552
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20131104/0ab0d9e7/attachment.html>


More information about the asterisk-users mailing list