[asterisk-users] sip attack.. fail2ban not stopping attack
Steve Murphy
murf at parsetree.com
Sun Dec 26 05:35:17 UTC 2010
On Sat, Dec 25, 2010 at 7:41 PM, dave george <dgeorge at teletoneinc.com>wrote:
> Yes we have that set in logger.conf.
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Nick Ustinov
> Sent: Saturday, December 25, 2010 6:25 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [asterisk-users] sip attack.. fail2ban not stopping attack
>
> Make sure you have
>
> dateformat=%F %T
>
> in logger.conf
>
>
>
> On Sun, Dec 26, 2010 at 1:04 AM, Dave George <dgeorge at teletoneinc.com>
> wrote:
> > My server is being attached all day and fail2ban is not stopping the
> > attack. I updated stamstamp to match fail2ban requirements.
> >
> > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
> > handle_request_register: Registration from '"7002" '
> > failed for '38.108.40.94' - No matching peer found
> > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
> > handle_request_register: Registration from '"7002" '
> > failed for '38.108.40.94' - No matching peer found
> > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
> > handle_request_register: Registration from '"7002" '
> > failed for '38.108.40.94' - No matching peer found
> > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
> > handle_request_register: Registration from '"7002" '
> > failed for '38.108.40.94' - No matching peer found
> > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
> > handle_request_register: Registration from '"7002" '
> > failed for '38.108.40.94' - No matching peer found
> > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
> > handle_request_register: Registration from '"7002" '
> > failed for '38.108.40.94' - No matching peer found
> > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
> > handle_request_register: Registration from '"7002" '
> > failed for '38.108.40.94' - No matching peer found
> > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
> > handle_request_register: Registration from '"7002" '
> > failed for '38.108.40.94' - No matching peer found
> > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
> > handle_request_register: Registration from '"7002" '
> > failed for '38.108.40.94' - No matching peer found
> > [2010-12-25 18:54:34] NOTICE[15415]: chan_sip.c:21830
> > handle_request_register: Registration from '"7002"
> > Dave
> >
> >
>
If all else fails, check your /var/log/fail2ban log file. Any error messages
there?
A typo in the file name of the log file to check; a jail that is set up but
not
turned on; double check your set up. Use iptables -L -n to check
that fail2ban is properly setting up a chain to block ip's. Is the
fail2ban service even running?
murf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20101225/effa14ce/attachment.htm>
More information about the asterisk-users
mailing list