[asterisk-users] fail2ban does not work for my asterisk installation
mosbah abdelkader
mosbah.abdelkader at gmail.com
Sun Aug 1 16:27:54 CDT 2010
The failregex statement in my jail.conf file is:

failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' (from <HOST>)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)

This is a log entry in /var/log/asterisk/full that shows the scan being
performed:

2010-08-01 07:00:13 NOTICE[22540] chan_sip.c: Registration from '"123456"<sip:123456@************>' failed for '193.158.62.48' - ACL error (permit/deny)

The problem is that fail2ban does not detect this attack that was performed
for an amount of time of about half an hour.
Please help me identify the problem.
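
Added example, not part of the original post: a Python check of the eight expressions, exactly as they appear above, against the quoted log entry, once as written and once with bare parentheses escaped so they match literal characters. The HOST pattern is a simplified stand-in for what fail2ban substitutes for <HOST>, the masked SIP domain is replaced by example.invalid, and the helper names are hypothetical.

```python
import re

# Assumption: simplified stand-in for the pattern fail2ban substitutes for <HOST>.
HOST = r"(?P<host>[\w\-.:]+)"

# Constructed from the log entry in the post; the masked domain is a placeholder.
LOG_LINE = (
    "2010-08-01 07:00:13 NOTICE[22540] chan_sip.c: Registration from "
    "'\"123456\"<sip:123456@example.invalid>' failed for '193.158.62.48' "
    "- ACL error (permit/deny)"
)

# The failregex lines as they appear in the post.
AS_POSTED = [
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL",
    r"NOTICE.* <HOST> failed to authenticate as '.*'$",
    r"NOTICE.* .*: No registration for peer '.*' (from <HOST>)",
    r"NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)",
]


def escape_literal_parens(expr):
    """Escape bare ( and ) so they match literal characters in the log line."""
    return re.sub(r"(?<!\\)([()])", r"\\\1", expr)


def matched_host(expr, line):
    """Return the address captured by <HOST>, or None if the line does not match."""
    m = re.search(expr.replace("<HOST>", HOST), line)
    return m.group("host") if m else None


def diagnose(exprs, line):
    """For each expression: (expression, host as posted, host with parens escaped)."""
    return [
        (e, matched_host(e, line), matched_host(escape_literal_parens(e), line))
        for e in exprs
    ]


if __name__ == "__main__":
    for expr, posted, escaped in diagnose(AS_POSTED, LOG_LINE):
        print(f"posted={posted!s:<15} escaped={escaped!s:<15} {expr}")
```

This checks only the regular expressions; running fail2ban-regex against /var/log/asterisk/full additionally exercises fail2ban's own timestamp detection and <HOST> handling.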