<span id="result_box" class="long_text"><span title="">Thanks again.<br><br></span><span title="">But it was a question pending. </span><span style="" title="">It&#39;s possible AMI show failure resgisters and wrong password? </span><span style="" title="">Because I already have a Java program for AMI and a 
few lines of modification would solve my problem if asterisk sends the 
information to the AMI.<br><br><br><br></span><span title="">Thanks,<br></span><span title="">Rodrigo Lang.<br><br><br></span></span><br><div class="gmail_quote">2010/6/29 Andrew Latham <span dir="ltr">&lt;<a href="mailto:lathama@gmail.com">lathama@gmail.com</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Please start here <a href="http://www.spamhaus.org/drop/" target="_blank">http://www.spamhaus.org/drop/</a> with your BGP<br>

routes....   Then move up to log parsing.<br>
<br>
<br>
~<br>
Andrew &quot;lathama&quot; Latham<br>
<a href="mailto:lathama@gmail.com">lathama@gmail.com</a><br>
<br>
* Learn more about OSS <a href="http://en.wikipedia.org/wiki/Open-source_software" target="_blank">http://en.wikipedia.org/wiki/Open-source_software</a><br>
* Learn more about Linux <a href="http://en.wikipedia.org/wiki/Linux" target="_blank">http://en.wikipedia.org/wiki/Linux</a><br>
* Learn more about Tux <a href="http://en.wikipedia.org/wiki/Tux" target="_blank">http://en.wikipedia.org/wiki/Tux</a><br>
<div><div></div><div class="h5"><br>
<br>
<br>
On Tue, Jun 29, 2010 at 1:38 PM, Zeeshan Zakaria &lt;<a href="mailto:zishanov@gmail.com">zishanov@gmail.com</a>&gt; wrote:<br>
&gt; If I didn&#39;t have fail2ban, I would have way over 20k of these entries in my<br>
&gt; asterisk log.<br>
&gt;<br>
&gt; Zeeshan A Zakaria<br>
&gt;<br>
&gt; --<br>
&gt; <a href="http://www.ilovetovoip.com" target="_blank">www.ilovetovoip.com</a><br>
&gt;<br>
&gt; On 2010-06-29 1:36 PM, &quot;Rodrigo Lang&quot; &lt;<a href="mailto:rodrigoferreiralang@gmail.com">rodrigoferreiralang@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt; Good afternoon.<br>
&gt;<br>
&gt; Thanks to everyone for answers. What I find strange is the asterisk does not<br>
&gt; have any native tool for him to SIP server security. Here&#39;s an example of<br>
&gt; the syslog messages from asterisk:<br>
&gt;<br>
&gt; [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from &#39;&quot;213&quot;<br>
&gt; &lt;sip:213@my_extern_ip&gt;&#39; failed for &#39;116 .124.128.82 &#39;- Wrong password<br>
&gt; [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from &#39;&quot;213&quot;<br>
&gt; &lt;sip:213@my_extern_ip&gt;&#39; failed for &#39;116 .124.128.82 &#39;- Wrong password<br>
&gt; [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from &#39;&quot;213&quot;<br>
&gt; &lt;sip:213@my_extern_ip&gt;&#39; failed for &#39;116 .124.128.82 &#39;- Wrong password<br>
&gt; [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from &#39;&quot;213&quot;<br>
&gt; &lt;sip:213@my_extern_ip&gt;&#39; failed for &#39;116 .124.128.82 &#39;- Wrong password<br>
&gt; [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from &#39;&quot;213&quot;<br>
&gt; &lt;sip:213@my_extern_ip&gt;&#39; failed for &#39;116 .124.128.82 &#39;- Wrong password<br>
&gt; [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from &#39;&quot;213&quot;<br>
&gt; &lt;sip:213@my_extern_ip&gt;&#39; failed for &#39;116 .124.128.82 &#39;- Wrong password<br>
&gt; [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from &#39;&quot;213&quot;<br>
&gt; &lt;sip:213@my_extern_ip&gt;&#39; failed for &#39;116 .124.128.82 &#39;- Wrong password<br>
&gt; [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from &#39;&quot;213&quot;<br>
&gt; &lt;sip:213@my_extern_ip&gt;&#39; failed for &#39;116 .124.128.82 &#39;- Wrong password<br>
&gt;<br>
&gt; From what I told there is around twenty thousand records that at one time.<br>
&gt; And at least once a week I receive such an attack coming from a different<br>
&gt; ip.<br>
&gt;<br>
&gt; I will read the articles. Thanks again to everyone.<br>
&gt;<br>
&gt;<br>
&gt; Regards,<br>
&gt; Rodrigo Lang.<br>
&gt;<br>
&gt;<br>
&gt; 2010/6/29 Kenny Watson &lt;<a href="mailto:kwatson@geniusgroupltd.com">kwatson@geniusgroupltd.com</a>&gt;<br>
&gt;<br>
&gt;&gt;<br>
&gt;&gt; Hi, you can use fail2ban<br>
&gt;&gt; <a href="http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asteri." target="_blank">http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asteri.</a>..<br>
&gt;<br>
&gt; --<br>
&gt; _____________________________________________________________________<br>
&gt; -- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
&gt; New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
&gt;               <a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
&gt;<br>
&gt; asterisk-users mailing list<br>
&gt; To UNSUBSCRIBE or update options visit:<br>
&gt;   <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
&gt;<br>
&gt; --<br>
&gt; _____________________________________________________________________<br>
&gt; -- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
&gt; New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
&gt;               <a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
&gt;<br>
&gt; asterisk-users mailing list<br>
&gt; To UNSUBSCRIBE or update options visit:<br>
&gt;   <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
&gt;<br>
<br>
</div></div>--<br>
<div><div></div><div class="h5">_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
               <a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
   <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a></div></div></blockquote></div><br>