[asterisk-users] ID'ing failed auth IPs
Andrew Latham
lathama at gmail.com
Mon Nov 29 11:09:48 CST 2010
On Mon, Nov 29, 2010 at 2:01 PM, Hose <hose+asterisk at bluemaggottowel.com> wrote:
> So when someone's brute forcing your server is there a way to identify
> the originating IPs without using a tcpdump? When I get a failed auth
> on the console it shows 'account at asteriskserver' then tag=as25ca5023 (or
> some random string, though it's a bit odd as alwaysauthreject = yes is
> on in sip.conf). Anyway, the logs don't show anything more useful
> either. Is there something obvious I'm missing? Cranking up verbosity
> on the console doesn't seem to do anything.
>
> hose
You can use IPTABLES to log all traffic on a port for you. Instead of
ACCEPT or DROP use LOG.
More information about the asterisk-users
mailing list