Hi,

I have added this line for Asterisk 1.8 (I have allowguest=yes and context=default in sip.conf):

NOTICE.* .*: Call from '.*' \(<HOST>\) to extension '.*' rejected because extension not found in context 'default'.

On 29-12-2011 13:03, Patrick Lists wrote:
> Hi,
>
> In the thread "Interesting attack tonight & fail2ban them" Bruce B mentioned
> it would be nice to have input from the Community to come up with the best
> set of fail2ban filters. That's a great idea. So let's start with Bruce's
> filters (thanks!) and take it from there. Anyone have any improvements and/or
> additions? Apologies for the line wrap. No idea how to prevent that in
> Thunderbird. The filters are also at http://pastebin.com/6T9M1W3F
>
> Not sure but it may be possible that logging has changed between Asterisk
> 1.4, 1.6, 1.8 and 10 so please mention the Asterisk version with your filters.
>
> For Asterisk 1.8:
>
> failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
>             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
>             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
>             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
>             Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
>             NOTICE.* <HOST> failed to authenticate as '.*'$
>             NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
>             NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' \(.*\)
>             VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' \(language '.*'\)
>
> There are 2 lines that I have which are not in this list:
>
>             NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error \(permit/deny\)
>             NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
>
> How about those (no idea for which Asterisk version they are)?
>
> Regards,
> Patrick
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users

--
Diego Aguirre (DagMoller)
Infodag Consultoria
FWD#: 459696
Enum#: +55 21 8871-4916 (e164.org)
DUNDi-br#: 21 8871-4916
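
Added example (not part of the original thread, and not fail2ban's own code): a small harness for checking failregex lines like the ones discussed here against sample log lines before deploying them, including what happens when the literal parentheses of a log message are left unescaped. The HOST expansion is a simplified IPv4-only stand-in for fail2ban's <HOST> tag, and the log lines and filter names are constructed for illustration.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

def compile_failregex(pattern):
    """Expand <HOST> and compile one failregex line."""
    return re.compile(pattern.replace("<HOST>", HOST))

def matched_host(pattern, line):
    """Return the address that would be banned, or None if the line is missed."""
    m = compile_failregex(pattern).search(line)
    return m.group("host") if m else None

# Constructed Asterisk-style log lines (documentation addresses, not real traffic).
LOG_LINES = [
    "[2011-12-29 13:03:01] NOTICE[2345] chan_sip.c: Registration from "
    "'\"100\" <sip:100@198.51.100.7>' failed for '203.0.113.5:5060' - Wrong password",
    "[2011-12-29 13:03:02] NOTICE[2345] chan_iax2.c: No registration for "
    "peer 'bob' (from 203.0.113.9)",
    "[2011-12-29 13:03:03] NOTICE[2345] chan_sip.c: Registration from "
    "'<sip:101@198.51.100.7>' failed for '203.0.113.11' - ACL error (permit/deny)",
]

# Hypothetical names; the unescaped variants treat ( ) as regex groups.
FILTERS = {
    "wrong_password": r"Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password",
    "no_registration_unescaped": r"NOTICE.* .*: No registration for peer '.*' (from <HOST>)",
    "no_registration_escaped": r"NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)",
    "acl_unescaped": r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error (permit/deny)",
    "acl_escaped": r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL error \(permit/deny\)",
}

def coverage():
    """Map each filter name to the hosts it extracts from LOG_LINES."""
    return {name: [h for h in (matched_host(p, l) for l in LOG_LINES) if h]
            for name, p in FILTERS.items()}

if __name__ == "__main__":
    for name, hosts in coverage().items():
        print(f"{name:28} -> {hosts or 'no match'}")
```

A filter that reports "no match" against a log line it was written for never triggers a ban, so an empty result here is the thing to look for.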
