[asterisk-users] Interesting attack tonight & fail2ban them
Andrew Furey
andrew.furey at gmail.com
Wed Dec 28 22:37:02 CST 2011
On 29 December 2011 12:07, Michelle Dupuis <mdupuis at ocg.ca> wrote:
> I thought that it might be worth adding a line to my fail2ban filter, but am
> looking for a hand with the regex. I have come up with:
> NOTICE.* .*: Call from '' to extension '.*' rejected because
> extension not found
>
> but I realize that anyone misdialling a valid extension a few times gets cut
> off. Can someone suggest an improvement? (How could I limit this to 4 or
> more digits dialled for example?)
[ Caveat - I have never used fail2ban ]
If it supports Perl-style regexps, you could do:
NOTICE.* .*: Call from '' to extension '[0-9]{4,}' rejected because
extension not found
That will do "at least 4 digits".
Or the long way (Bash-style etc):
NOTICE.* .*: Call from '' to extension '[0-9][0-9][0-9][0-9][0-9]*'
rejected because extension not found
HTH,
Andrew
--
Linux supports the notion of a command line or a shell for the same
reason that only children read books with only pictures in them.
Language, be it English or something else, is the only tool flexible
enough to accomplish a sufficiently broad range of tasks.
-- Bill Garrett
More information about the asterisk-users
mailing list