Fail2ban works well otherwise you can write your own script im bash or perl to block them in iptables
Regards Andrew Colin-mobile Vsave(PTY)Ltd -------- Original message -------- From: Jerry Geis <[email protected]> Date:18/01/2014 10:59 PM (GMT+02:00) To: [email protected] Subject: [asterisk-users] stopping unwanted attempts I see MANY of these in my log files: [Jan 15 03:06:12] NOTICE[14129] chan_sip.c: Registration from '"202" <sip:202@X:5060>' failed for '37.8.12.147:26832' - Wrong password [Jan 15 03:06:19] NOTICE[14129] chan_sip.c: Registration from '"5001" <sip:5001@X:5060>' failed for '37.8.12.147:21268' - Wrong password [Jan 15 03:06:23] NOTICE[14129] chan_sip.c: Registration from '"30" <sip:30@X:5060>' failed for '37.8.12.147:21270' - Wrong password [Jan 15 03:06:48] NOTICE[14129] chan_sip.c: Registration from '"70" <sip:70@X:5060>' failed for '37.8.12.147:21328' - Wrong password [Jan 15 03:06:50] NOTICE[14129][C-00000085] chan_sip.c: Call from '' (8.33.7.110:5103) to extension '889011972592735467' rejected because extension not found in context 'default'. [Jan 15 03:06:56] NOTICE[14129] chan_sip.c: Registration from '"4" <sip:4@X:5060>' failed for '37.8.12.147:21272' - Wrong password [Jan 15 03:07:11] NOTICE[14129] chan_sip.c: Registration from '"12001" <sip:12001@X:5060>' failed for '37.8.12.147:5060' - Wrong password [Jan 15 03:34:02] NOTICE[14129][C-00000086] chan_sip.c: Call from '' (172.246.236.90:5078) to extension '8889011972595301123' rejected because extension not found in context 'default'. What is the "correct" way to block these idiots so they don't even get this far. Thanks, Jerry
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
