[asterisk-users] Fail2ban for asterisk 16 PJSIP

John T. Bittner john at xaccel.net
Fri Jun 7 22:20:00 CDT 2019


Hopefully, this helps someone else.

This seems to be working for me.

# Fail2Ban configuration file
[INCLUDES]
#before = common.conf
[Definition]
failregex = NOTICE.* .*: Request \'REGISTER\' from '.*' failed for '<HOST>:.*' .* - No matching endpoint found
            NOTICE.* .*: Request \'REGISTER\' from '.*' failed for '<HOST>:.*' .* - Failed to authenticate
            NOTICE.* .*: Request \'REGISTER\' from '.*' failed for '<HOST>:.*' .* - Error to authenticate
            NOTICE.* .*: Request \'INVITE\' from '.*' failed for '<HOST>:.*' .*

John Bittner
Xaccel

From: asterisk-users [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of John T. Bittner
Sent: Thursday, June 6, 2019 3:40 PM
To: asterisk-users at lists.digium.com
Subject: [asterisk-users] Fail2ban for asterisk 16 PJSIP

Hello

Anyone have a working copy of Fail2ban asterisk filter asterisk.conf
for Asterisk 16 running PJSIP.

I have tried 10 different filters but none of them show any matches when testing with
fail2ban-regex

I see date template hits but no matches....

My log
[2019-06-06 15:37:20] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 50670137772977-30593645157868 at 192.168.1.8<mailto:50670137772977-30593645157868 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:37:52] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"as100" <sip:as100 at 95.179.170.109>' failed for '188.214.128.172:5076' (callid: 03e7f9d2dcdf4252506c440137e822b7) - No matching endpoint found
[2019-06-06 15:37:58] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 352844365933467-383842003849650 at 192.168.1.8<mailto:352844365933467-383842003849650 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:37:58] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 352844365933467-383842003849650 at 192.168.1.8<mailto:352844365933467-383842003849650 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:37:58] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 352844365933467-383842003849650 at 192.168.1.8<mailto:352844365933467-383842003849650 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:37:58] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 352844365933467-383842003849650 at 192.168.1.8<mailto:352844365933467-383842003849650 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:38:36] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 352413680053562-322991201237060 at 192.168.1.8<mailto:352413680053562-322991201237060 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:38:36] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 352413680053562-322991201237060 at 192.168.1.8<mailto:352413680053562-322991201237060 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:38:36] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 352413680053562-322991201237060 at 192.168.1.8<mailto:352413680053562-322991201237060 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:38:36] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 352413680053562-322991201237060 at 192.168.1.8<mailto:352413680053562-322991201237060 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:39:14] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 211973110361898-30014604441241 at 192.168.1.8<mailto:211973110361898-30014604441241 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:39:14] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 211973110361898-30014604441241 at 192.168.1.8<mailto:211973110361898-30014604441241 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:39:14] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 211973110361898-30014604441241 at 192.168.1.8<mailto:211973110361898-30014604441241 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:39:14] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405 at asterisk>' failed for '71.127.239.22:65476' (callid: 211973110361898-30014604441241 at 192.168.1.8<mailto:211973110361898-30014604441241 at 192.168.1.8>) - Failed to authenticate
[2019-06-06 15:39:17] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"as100" <sip:as100 at 95.179.170.109>' failed for '188.214.128.172:5071' (callid: 8e12f1560bfe2c3ed5be895108727c46) - No matching endpoint found

Any help is much appreciated.

Thanks

John Bittner
CTO
[xaccellogoemail]
380 US Highway 46, Suite 500
Totowa, NJ 07512
Phone: 201.806.2602 x2405
Fax:       201.806.2604
Cell:       973.390.1090
www.xaccel.net<http://www.xaccel.net/>

CONFIDENTIALITY NOTICE:
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential
and privileged information which should not be shared or forwarded. Any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the e-mail.

________________________________


Teach Canit xAntispam if this mail is spam:
Spam<http://mx1.xantispam.net/canit/b.php?c=s&i=020lvFIiR&m=5b7b9282412f&rlm=xaccel-net>
Not spam<http://mx1.xantispam.net/canit/b.php?c=n&i=020lvFIiR&m=5b7b9282412f&rlm=xaccel-net>
Forget previous vote<http://mx1.xantispam.net/canit/b.php?c=f&i=020lvFIiR&m=5b7b9282412f&rlm=xaccel-net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20190608/68d55320/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4300 bytes
Desc: image001.png
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20190608/68d55320/attachment.png>


More information about the asterisk-users mailing list