<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Aug 19, 2013 at 2:40 PM, Patrick Lists <span dir="ltr"><<a href="mailto:asterisk-list@puzzled.xs4all.nl" target="_blank">asterisk-list@puzzled.xs4all.nl</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="im">On 08/19/2013 08:10 PM, Eric Wieling wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
One of Asterisk's dirty little secrets is that it does not show the source IP when a device or hacker tries sending a call without registering. The rejection message in the logs do not show the IP of the attacker. Yes it sucks, yes it has been that way for many many years.<br>
</blockquote>
<br></div>
Are you aware of a patch that would show the source IP in the console and logs?<br>
<br></blockquote></div><br></div><div class="gmail_extra">I do something like this:<br><br>1. turn up the logging<br></div><div class="gmail_extra">2. add foo like this in my dial plan:<br><br>exten => _.,1,NoOp(Received incoming SIP connection from unknown peer to ${EXTEN})<br>
exten => _.,n,Log(NOTICE,"Anonymous peer IP: ${CHANNEL(peerip)}")<br>exten => _.,n,Set(DID=${IF($["${EXTEN:1:2}"=""]?s:${EXTEN})})<br>exten => _.,n,Goto(s,1)<br><br></div><div class="gmail_extra">
3. do some bar like this in my fail2ban filter:<br><br>VERBOSE.*SIP/<HOST>-.*Received incoming SIP connection from unknown peer<br>VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')<br>
NOTICE.* .*: "Anonymous peer IP: <HOST><br>NOTICE.* .*: Failed to authenticate device .*\s?\<sip:.*@<HOST>\>.*<br><br></div><div class="gmail_extra">and that handles most of the hacking attempts I see on my system. I think it may be possible for the second line to catch some false matches, but I have not seen any issues with our system thus far.<br>
<br></div><div class="gmail_extra">Kind Regards,<br>Chris<br><br></div><div class="gmail_extra">PS. Feel free to comment on what is wrong with this and be sure to include the right way to do it. :-)<br></div></div>