Please start here http://www.spamhaus.org/drop/ with your BGP routes.... Then move up to log parsing.
~ Andrew "lathama" Latham [email protected]

* Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software
* Learn more about Linux http://en.wikipedia.org/wiki/Linux
* Learn more about Tux http://en.wikipedia.org/wiki/Tux

On Tue, Jun 29, 2010 at 1:38 PM, Zeeshan Zakaria <[email protected]> wrote:
> If I didn't have fail2ban, I would have way over 20k of these entries in my
> asterisk log.
>
> Zeeshan A Zakaria
>
> --
> www.ilovetovoip.com
>
> On 2010-06-29 1:36 PM, "Rodrigo Lang" <[email protected]> wrote:
>
> Good afternoon.
>
> Thanks to everyone for answers. What I find strange is the asterisk does not
> have any native tool for him to SIP server security. Here's an example of
> the syslog messages from asterisk:
>
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:2...@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:2...@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:2...@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:2...@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:2...@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:2...@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:2...@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
> [Jun 15 03:05:46] NOTICE [25284] chan_sip.c: Registration from '"213"
> <sip:2...@my_extern_ip>' failed for '116 .124.128.82 '- Wrong password
>
> From what I told there is around twenty thousand records that at one time.
> And at least once a week I receive such an attack coming from a different
> ip.
>
> I will read the articles. Thanks again to everyone.
>
>
> Regards,
> Rodrigo Lang.
>
>
> 2010/6/29 Kenny Watson <[email protected]>
>
>>
>> Hi, you can use fail2ban
>> http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asteri...
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
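
Added example, not part of the original thread and not fail2ban's own code: a Python version of the log parsing the replies recommend, counting chan_sip "Wrong password" notices per source address inside a time window and reporting the addresses that cross a threshold. The regular expression, the max_retry/find_time names and defaults, the year argument and the sample log lines (documentation addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches chan_sip "Wrong password" notices in the shape quoted in the thread.
# Optional whitespace after NOTICE and around the address is tolerated (assumption).
FAILED_REG = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\s*\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*'"
    r"\s*- Wrong password"
)

def offenders(lines, max_retry=5, find_time=timedelta(minutes=10), year=2010):
    """Return {ip: time the threshold was reached} for sources with at least
    max_retry failed registrations inside a sliding window of find_time."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue              # unrelated log line
        # Asterisk timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry and m["ip"] not in flagged:
            flagged[m["ip"]] = when
    return flagged

# Constructed sample: a six-attempt burst, an unrelated notice, and a slow
# source that fails once an hour and never fills a ten-minute window.
SAMPLE_LOG = (
    [f"[Jun 15 03:05:{46 + i}] NOTICE[25284] chan_sip.c: Registration from "
     f"'\"213\" <sip:213@192.0.2.1>' failed for '203.0.113.10' - Wrong password"
     for i in range(6)]
    + ["[Jun 15 03:06:00] NOTICE[25284] chan_sip.c: Peer '101' is now Reachable"]
    + [f"[Jun 15 {h:02d}:00:00] NOTICE[25284] chan_sip.c: Registration from "
       f"'\"101\" <sip:101@192.0.2.1>' failed for '198.51.100.7' - Wrong password"
       for h in range(4, 10)]
)

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when:%b %d %H:%M:%S}")
```

Widening find_time is what catches the once-an-hour source; the returned addresses are what a firewall rule or a fail2ban jail would then act on.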
