I can't see those IPs in the /var/log/asterisk/full. I can't even see parts of the IP address as I try <i style="font-weight:bold">grep -o "23.20.189" full. </i>That is still nothing.<div><br></div><div>
I am wondering what is wrong here. This is my regex filter file:</div><div><br></div><div><div><br></div><div>failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password</div>
<div> Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found</div><div> Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL</div>
<div> Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch</div><div> Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register</div>
<div> NOTICE.* <HOST> failed to authenticate as '.*'$</div><div> NOTICE.* .*: No registration for peer '.*' (from <HOST>)</div><div> NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)</div>
<div> VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')</div><div> .* <SIP/<HOST>-.*> Playing 'ss-noservice.gsm' .*</div><div><br>
</div><div><br></div><div>Thanks,</div><br><div class="gmail_quote">On Fri, Jan 27, 2012 at 2:16 AM, Mikhail Lischuk <span dir="ltr"><<a href="mailto:mlischuk@itx.com.ua">mlischuk@itx.com.ua</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<p>asterisk jobs wrote on 27.01.2012 06:49:</p><div><div class="h5">
<blockquote type="cite" style="padding-left:5px;border-left:#1010ff 2px solid;margin-left:5px;width:100%">
<div>Hello everyone,</div>
I have noticed getting weird IPs blocked by Fail2ban. Has anyone else seen this or can explain this?
<div>
<div>Chain fail2ban-ASTERISK (1 references)</div>
<div>num target prot opt source destination </div>
<div>1 DROP all -- 0.23.20.189 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></div>
</div>
<div>I also get things like 0.0.5.2, etc. Fail2ban seems to be working when I am testing. Are these numbers taken from the SIP packet or the TCP/IP protocol source, because they surely are not valid addresses?</div>
<div>Thanks</div>
</blockquote>
</div></div><p>Did you find those IPs in Asterisk log?</p>
<p>If so, it isn't a Fail2Ban problem, for it just parses logs and extracts a substring.</p><span class="HOEnZb"><font color="#888888">
<p></p>
<div>
<pre><span><span style="color:#999999">-- </span><br><span style="color:#999999">With Best Regards</span><br><span style="color:#999999"><a title="mailto:mlischuk@itx.com.ua" href="mailto:mlischuk@itx.com.ua" target="_blank">Mikhail Lischuk</a></span><br>
<span style="color:#999999"><br></span></span></pre>
</div>
</font></span></div>
<br>--<br>
asterisk-users mailing list<br></blockquote></div><br></div>
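<p>An added example, not part of the thread and not fail2ban's own code, showing one way a filter like the one posted above can yield an address such as 0.23.20.189 that never appears in the log: the capture is a bare number, and inet_aton-style parsing reads a bare number as the whole 32-bit IPv4 address. The &lt;HOST&gt; expansion (assumed to be the one used by fail2ban 0.8.x), the sample log lines and the peer names are assumptions constructed for illustration.</p>

```python
import ipaddress
import re

# Assumption: <HOST> expands as in fail2ban 0.8.x, accepting any
# hostname-like token rather than only dotted-quad addresses.
HOST_GROUP = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# Two failregex lines from the filter posted above, copied unchanged.
FAILREGEX = [
    r"Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password",
    r".* <SIP/<HOST>-.*> Playing 'ss-noservice.gsm' .*",
]

# Constructed log lines; the peer names 1512637 and 1282 are made up.
SAMPLE = [
    "NOTICE[1234] chan_sip.c: Registration from '<sip:100@192.0.2.10>' "
    "failed for '198.51.100.7' - Wrong password",
    "VERBOSE[1234] pbx.c:     -- <SIP/1512637-0000001a> Playing "
    "'ss-noservice.gsm' (language 'en')",
    "VERBOSE[1234] pbx.c:     -- <SIP/1282-0000002b> Playing "
    "'ss-noservice.gsm' (language 'en')",
]


def to_banned_address(host):
    """Return the IPv4 address a capture ends up as, or None if it needs DNS."""
    try:
        return str(ipaddress.ip_address(host))  # already a literal address
    except ValueError:
        pass
    # inet_aton-style parsing reads a bare decimal as the whole 32-bit address.
    if re.fullmatch(r"[0-9]+", host) and int(host) < 2**32:
        return str(ipaddress.IPv4Address(int(host)))
    return None  # a real hostname; no lookup is attempted here


def explain(line):
    """Return (captured <HOST> text, resulting address) for the first matching rule."""
    for rule in FAILREGEX:
        match = re.search(rule.replace("<HOST>", HOST_GROUP), line)
        if match:
            return match.group("host"), to_banned_address(match.group("host"))
    return None


if __name__ == "__main__":
    for line in SAMPLE:
        print(explain(line), "<-", line)
```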