[asterisk-users] Interesting attack tonight & fail2ban them
Michelle Dupuis
mdupuis at ocg.ca
Wed Dec 28 22:50:09 CST 2011
I just realized there is no IP (host) in the message line, so no way for fail2ban to catch it.
Other suggestions? Or will I have to code something into my dialplan....
________________________________________
From: asterisk-users-bounces at lists.digium.com [asterisk-users-bounces at lists.digium.com] On Behalf Of Andrew Furey [andrew.furey at gmail.com]
Sent: Wednesday, December 28, 2011 11:37 PM
To: Asterisk Users List
Subject: Re: [asterisk-users] Interesting attack tonight & fail2ban them
On 29 December 2011 12:07, Michelle Dupuis <mdupuis at ocg.ca> wrote:
> I thought that it might be worth adding a line to my fail2ban filter, but am
> looking for a hand with the regex. I have come up with:
> NOTICE.* .*: Call from '' to extension '.*' rejected because
> extension not found
>
> but I realize that anyone misdialling a valid extension a few times gets cut
> off. Can someone suggest an improvement? (How could I limit this to 4 or
> more digits dialled for example?)
[ Caveat - I have never used fail2ban ]
If it supports Perl-style regexps, you could do:
NOTICE.* .*: Call from '' to extension '[0-9]{4,}' rejected because
extension not found
That will do "at least 4 digits".
Or the long way (Bash-style etc):
NOTICE.* .*: Call from '' to extension '[0-9][0-9][0-9][0-9][0-9]*'
rejected because extension not found
HTH,
Andrew
--
Linux supports the notion of a command line or a shell for the same
reason that only children read books with only pictures in them.
Language, be it English or something else, is the only tool flexible
enough to accomplish a sufficiently broad range of tasks.
-- Bill Garrett
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list