Hello,<div><br></div><div>Do you set up, your logrotate in /etc/asterisk ?</div><div>Do you test that your fail2ban work fine?</div><div><br></div><div>Regards<br><br><div class="gmail_quote">On Wed, Dec 28, 2011 at 11:07 PM, Michelle Dupuis <span dir="ltr"><<a href="mailto:mdupuis@ocg.ca">mdupuis@ocg.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div dir="ltr"><font color="#000000" face="Tahoma">I happened to be in the cli tonight as some (</font><font color="#000000" face="Tahoma">208.122.57.58) initiated a simple attack - just trying to make long distance calls from outside context.
Although harmless, this went on for several minutes as the idiot just used up my bandwidth with SIP messages. Here's and example:</font></div>
<font color="#000000" face="Tahoma">
<div dir="ltr"><br>
<a href="tel:%5B2011-12-28" value="+5620111228" target="_blank">[2011-12-28</a> 22:53:42] NOTICE[9635]: chan_sip.c:14035 handle_request_invite: Call from '' to extension '6442032987219' rejected because extension not found.<br>
<a href="tel:%5B2011-12-28" value="+5620111228" target="_blank">[2011-12-28</a> 22:53:44] NOTICE[9635]: chan_sip.c:14035 handle_request_invite: Call from '' to extension '7442032987216' rejected because extension not found.<br>
<a href="tel:%5B2011-12-28" value="+5620111228" target="_blank">[2011-12-28</a> 22:53:46] NOTICE[9635]: chan_sip.c:14035 handle_request_invite: Call from '' to extension '8442032987216' rejected because extension not found.<br>
<a href="tel:%5B2011-12-28" value="+5620111228" target="_blank">[2011-12-28</a> 22:53:48] NOTICE[9635]: chan_sip.c:14035 handle_request_invite: Call from '' to extension '008442032987215' rejected because extension not found.<br>
<a href="tel:%5B2011-12-28" value="+5620111228" target="_blank">[2011-12-28</a> 22:53:50] NOTICE[9635]: chan_sip.c:14035 handle_request_invite: Call from '' to extension '007442032987218' rejected because extension not found.<br>
<a href="tel:%5B2011-12-28" value="+5620111228" target="_blank">[2011-12-28</a> 22:53:52] NOTICE[9635]: chan_sip.c:14035 handle_request_invite: Call from '' to extension '006442032987219' rejected because extension not found.<br>
<a href="tel:%5B2011-12-28" value="+5620111228" target="_blank">[2011-12-28</a> 22:53:54] NOTICE[9635]: chan_sip.c:14035 handle_request_invite: Call from '' to extension '005442032987216' rejected because extension not found.<br>
<a href="tel:%5B2011-12-28" value="+5620111228" target="_blank">[2011-12-28</a> 22:53:56] NOTICE[9635]: chan_sip.c:14035 handle_request_invite: Call from '' to extension '004442032987250' rejected because extension not found.</div>
<div dir="ltr"><font face="tahoma"></font> </div>
<div dir="ltr"><font face="tahoma">I thought that it might be worth adding a line to my fail2ban filter, but am looking for a hand with the regex. I have come up with:</font></div></font></div>
<div dir="ltr"><font color="#000000" face="Tahoma"> NOTICE.* .*: Call from '' to extension '.*' rejected because extension not found
</font></div>
<div dir="ltr"><font face="tahoma"></font> </div>
<div dir="ltr"><font face="tahoma">but I realize that anyone misdialling a valid extension a few times gets cut off. Can someone suggest an improvement? (How could I limit this to 4 or more digits dialled for example?)</font></div>
<div dir="ltr"><font face="tahoma"></font> </div>
<div dir="ltr"><font face="tahoma">Thanks!</font></div>
<br>--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></div><br></div>