<span id="result_box" class="long_text"><span title="">Thanks again.<br><br></span><span title="">But it was a question pending. </span><span style="" title="">It's possible AMI show failure resgisters and wrong password? </span><span style="" title="">Because I already have a Java program for AMI and a
few lines of modification would solve my problem if asterisk sends the
information to the AMI.<br><br><br><br></span><span title="">Thanks,<br></span><span title="">Rodrigo Lang.<br><br><br></span></span><br><div class="gmail_quote">2010/6/29 Andrew Latham <span dir="ltr"><<a href="mailto:lathama@gmail.com">lathama@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Please start here <a href="http://www.spamhaus.org/drop/" target="_blank">http://www.spamhaus.org/drop/</a> with your BGP<br>
routes.... Then move up to log parsing.<br>
<br>
<br>
~<br>
Andrew "lathama" Latham<br>
<a href="mailto:lathama@gmail.com">lathama@gmail.com</a><br>
<br>
* Learn more about OSS <a href="http://en.wikipedia.org/wiki/Open-source_software" target="_blank">http://en.wikipedia.org/wiki/Open-source_software</a><br>
* Learn more about Linux <a href="http://en.wikipedia.org/wiki/Linux" target="_blank">http://en.wikipedia.org/wiki/Linux</a><br>
* Learn more about Tux <a href="http://en.wikipedia.org/wiki/Tux" target="_blank">http://en.wikipedia.org/wiki/Tux</a><br>
<div><div></div><div class="h5"><br>
<br>
<br>
On Tue, Jun 29, 2010 at 1:38 PM, Zeeshan Zakaria <<a href="mailto:zishanov@gmail.com">zishanov@gmail.com</a>> wrote:<br>
> If I didn't have fail2ban, I would have way over 20k of these entries in my<br>
> asterisk log.<br>
><br>
> Zeeshan A Zakaria<br>
><br>
> --<br>
> <a href="http://www.ilovetovoip.com" target="_blank">www.ilovetovoip.com</a><br>
><br>
> On 2010-06-29 1:36 PM, "Rodrigo Lang" <<a href="mailto:rodrigoferreiralang@gmail.com">rodrigoferreiralang@gmail.com</a>> wrote:<br>
><br>
> Good afternoon.<br>
><br>
> Thanks to everyone for answers. What I find strange is the asterisk does not<br>
> have any native tool for him to SIP server security. Here's an example of<br>
> the syslog messages from asterisk:<br>
><br>
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"<br>
> <sip:213@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password<br>
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"<br>
> <sip:213@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password<br>
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"<br>
> <sip:213@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password<br>
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"<br>
> <sip:213@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password<br>
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"<br>
> <sip:213@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password<br>
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"<br>
> <sip:213@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password<br>
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"<br>
> <sip:213@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password<br>
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"<br>
> <sip:213@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password<br>
><br>
> From what I told there is around twenty thousand records that at one time.<br>
> And at least once a week I receive such an attack coming from a different<br>
> ip.<br>
><br>
> I will read the articles. Thanks again to everyone.<br>
><br>
><br>
> Regards,<br>
> Rodrigo Lang.<br>
><br>
><br>
> 2010/6/29 Kenny Watson <<a href="mailto:kwatson@geniusgroupltd.com">kwatson@geniusgroupltd.com</a>><br>
><br>
>><br>
>> Hi, you can use fail2ban<br>
>> <a href="http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asteri." target="_blank">http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asteri.</a>..<br>
><br>
> --<br>
> _____________________________________________________________________<br>
> -- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
> New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
> <a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
><br>
> asterisk-users mailing list<br>
> To UNSUBSCRIBE or update options visit:<br>
> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
><br>
> --<br>
> _____________________________________________________________________<br>
> -- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
> New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
> <a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
><br>
> asterisk-users mailing list<br>
> To UNSUBSCRIBE or update options visit:<br>
> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
><br>
<br>
</div></div>--<br>
<div><div></div><div class="h5">_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a></div></div></blockquote></div><br>