<br><br><div class="gmail_quote">On Sat, Dec 25, 2010 at 7:41 PM, dave george <span dir="ltr"><<a href="mailto:dgeorge@teletoneinc.com">dgeorge@teletoneinc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Yes we have that set in logger.conf.<br>
<div><div></div><div class="h5"><br>
-----Original Message-----<br>
From: <a href="mailto:asterisk-users-bounces@lists.digium.com">asterisk-users-bounces@lists.digium.com</a><br>
[mailto:<a href="mailto:asterisk-users-bounces@lists.digium.com">asterisk-users-bounces@lists.digium.com</a>] On Behalf Of Nick Ustinov<br>
Sent: Saturday, December 25, 2010 6:25 PM<br>
To: Asterisk Users Mailing List - Non-Commercial Discussion<br>
Subject: Re: [asterisk-users] sip attack.. fail2ban not stopping attack<br>
<br>
Make sure you have<br>
<br>
dateformat=%F %T<br>
<br>
in logger.conf<br>
<br>
<br>
<br>
On Sun, Dec 26, 2010 at 1:04 AM, Dave George <<a href="mailto:dgeorge@teletoneinc.com">dgeorge@teletoneinc.com</a>><br>
wrote:<br>
> My server is being attached all day and fail2ban is not stopping the<br>
> attack. I updated stamstamp to match fail2ban requirements.<br>
><br>
> [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830<br>
> handle_request_register: Registration from '"7002" '<br>
> failed for '38.108.40.94' - No matching peer found<br>
> [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830<br>
> handle_request_register: Registration from '"7002" '<br>
> failed for '38.108.40.94' - No matching peer found<br>
> [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830<br>
> handle_request_register: Registration from '"7002" '<br>
> failed for '38.108.40.94' - No matching peer found<br>
> [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830<br>
> handle_request_register: Registration from '"7002" '<br>
> failed for '38.108.40.94' - No matching peer found<br>
> [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830<br>
> handle_request_register: Registration from '"7002" '<br>
> failed for '38.108.40.94' - No matching peer found<br>
> [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830<br>
> handle_request_register: Registration from '"7002" '<br>
> failed for '38.108.40.94' - No matching peer found<br>
> [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830<br>
> handle_request_register: Registration from '"7002" '<br>
> failed for '38.108.40.94' - No matching peer found<br>
> [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830<br>
> handle_request_register: Registration from '"7002" '<br>
> failed for '38.108.40.94' - No matching peer found<br>
> [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830<br>
> handle_request_register: Registration from '"7002" '<br>
> failed for '38.108.40.94' - No matching peer found<br>
> [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830<br>
> handle_request_register: Registration from '"7002"<br>
> Dave<br>
><br>
><br></div></div></blockquote><div><br>If all else fails, check your /var/log/fail2ban log file. Any error messages there?<br> A typo in the file name of the log file to check; a jail that is set up but not<br>turned on; double check your set up. Use iptables -L -n to check<br>
that fail2ban is properly setting up a chain to block ip's. Is the<br>fail2ban service even running?<br><br>murf<br> <br></div></div><div id="WISESTAMP_SIG_9031"><span style="font-size: 13.3px; font-family: Verdana,Arial,Helvetica,sans-serif;"><img src="http://s.wisestamp.com/pixel.png?p=mozilla&v=2.0.4&t=1293341472136&u=5848228&e=7797" height="1" width="1"></span></div>