[asterisk-users] SEMI OFF-TOPIC - Fail2ban
Stefan Gofferje
lists at home.gofferje.net
Fri Jan 9 03:53:07 CST 2015
On 01/08/2015 11:37 PM, ricky gutierrez wrote:
> Hi list , someone on the list has seen this type of connection
> attempts in asterisk, fail2ban does not stop
>
> 2015-01-08 14:59:47] SECURITY[21515] res_security_log.c:
> SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at 173.230.133.20",SessionID="0x169f528",LocalAddress="IPV4/UDP/173.230.133.20/5060",RemoteAddress="IPV4/UDP/63.141.229.58/5078",Challenge="770e84a3"
> [2015-01-08 15:20:20] SECURITY[21515] res_security_log.c:
> SecurityEvent="ChallengeSent",EventTV="1420752020-854997",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:102 at 173.230.133.20",SessionID="0x169f528",LocalAddress="IPV4/UDP/173.230.133.20/5060",RemoteAddress="IPV4/UDP/198.204.241.58/5074",Challenge="23965594"
>
>
> I modified the fail2ban with the filter, but still not detected
Do you really want to detect "ChallengeSent"? That should occur also on
legitimate login processes...
-S
--
(o_ Stefan Gofferje | SCLT, MCP, CCSA
//\ Reg'd Linux User #247167 | VCP #2263
V_/_ Heckler & Koch - the original point and click interface
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4079 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20150109/adb0935d/attachment.bin>
More information about the asterisk-users
mailing list