[asterisk-users] SEMI OFF-TOPIC - Fail2ban

Michelle Dupuis mdupuis at ocg.ca
Fri Jan 9 17:24:09 CST 2015

I'd suggest taking a look at the free edition of SecAst (www.generationd.com).  It handles these messages perfectly (and can also use AMI security events) - so you don't need to constantly be updating fail2ban rules.  It's a drop in replacement for fail2ban.  


P.S.  My opinions are my own and do not necessarily represent those of my employer.  As an employee of Generation D System you can bet my opinions are biased though!
From: asterisk-users-bounces at lists.digium.com <asterisk-users-bounces at lists.digium.com> on behalf of ricky gutierrez <xserverlinux at gmail.com>
Sent: Friday, January 9, 2015 3:02 PM
To: Asterisk Users List
Subject: Re: [asterisk-users] SEMI OFF-TOPIC - Fail2ban

2015-01-09 3:53 GMT-06:00 Stefan Gofferje <lists at home.gofferje.net>:
> Do you really want to detect "ChallengeSent"? That should occur also on
> legitimate login processes...

Hi , strange thing is that I still have not this asterisk in
production and I see many attempts Connection.

Now keep in mind that when a connection of authentication is
successful the message changes and is not exactly what you mention:

## SecurityEvent="SuccessfulAuth",EventTV="1420832883-140932",####

I think this type of connection attempts messages with my asterisk
that fail2ban  not detected.

I'm no expert, but the log not lie ;)



-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:

More information about the asterisk-users mailing list