[asterisk-users] sip attack.. fail2ban not stopping attack
Administrator TOOTAI
admin at tootai.net
Mon Dec 27 16:03:15 UTC 2010
Le 27/12/2010 16:20, dave george a écrit :
> [...]
>
> [Definition]
>
> #_daemon = asterisk
>
> # Option: failregex
> # Notes.: regex to match the password failures messages in the logfile. The
> # host must be matched by a group named "host". The tag "<HOST>"
> can
> # be used for standard IP/hostname matching and is only an alias
> for
> # (?:::f{4,6}:)?(?P<host>\S+)
> # Values: TEXT
> #
>
> failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong
> password
> NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No
> matching peer found
> NOTICE.* .*: Registration from '.*' failed for '<HOST>' -
> Username/auth name mismatch
> NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device
> does not match ACL
> NOTICE.*<HOST> failed to authenticate as '.*'$
> NOTICE.* .*: No registration for peer '.*' \(from<HOST>\)
> NOTICE.* .*: Host<HOST> failed MD5 authentication for '.*' (.*)
> NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
> ignoreregex =
> [...]
>
How looks your asterisk notice file?
---
Daniel
More information about the asterisk-users
mailing list