Asterisk
krll-k, 2016-11-26 12:55:23

Why doesn't Fail2ban ban everyone? How do I add a rule for a message?

See message:

[Nov 26 09:50:03] SECURITY[57]: res_security_log.c:116 security_event_stasis_cb: SecurityEvent="ChallengeSent",EventTV="2016-11-26T09:50:03.677+0000",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:[email protected]",SessionID="0x7ff7140811e8",LocalAddress="IPV4/UDP/188.166.54.230/5060",RemoteAddress="IPV4/UDP/209.126.117.223/5070",Challenge="042b3eca"

Look at our Fail2ban:
[email protected]:/asterisk-13.10.0# fail2ban-client status asterisk
Status for the jail: asterisk
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     1232
|  `- File list:        /var/log/asterisk/messages
`- Actions
   |- Currently banned: 3
   |- Total banned:     3
   `- Banned IP list:   23.239.86.114 213.202.233.189 155.94.64.74

We understand that Fail2ban does not know how to ban such people. How do I fix this?
UPD: I don't have a 900 subscriber, as you can see:
localhost*CLI> sip show peers
Name/username             Host             Dyn Forcerport Comedia    ACL Port     Status      Description
1000/1000                 0.0.0.0          D   No         No             53225    Unmonitored
1001/1001                 (Unspecified)    D   No         No             0        Unmonitored
multifon-out/89997776655  193.201.229.35       Yes        Yes            5060     Unmonitored
3 sip peers [Monitored: 0 online, 0 offline Unmonitored: 2 online, 1 offline]


2 answer(s)
Rsa97, 2016-11-26
@Rsa97

And why ban them for that? It is a standard message from one of the authentication stages, the sending of a Challenge.
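
The distinction drawn in this answer, shown as an added example that is not part of the original post and is not Fail2ban's own filter: a Python sketch that parses Asterisk SECURITY lines and counts only failure events per source address, so ChallengeSent is tallied but never leads to a ban. The failure event names, the `maxretry` threshold and the sample log are assumptions.

```python
import re
from collections import Counter

# Event names treated as authentication failures. Assumption: these come from
# Asterisk's security event framework; only ChallengeSent appears on this page.
BAN_EVENTS = {"FailedACL", "InvalidAccountID", "ChallengeResponseFailed", "InvalidPassword"}
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample log in the layout of the quoted message (documentation IPs).
TEMPLATE = ('[Nov 26 09:50:03] SECURITY[57]: res_security_log.c:116 '
            'security_event_stasis_cb: SecurityEvent="{}",Severity="{}",'
            'Service="SIP",RemoteAddress="IPV4/UDP/{}/5070"')
SAMPLE_LOG = "\n".join(TEMPLATE.format(*e) for e in [
    ("ChallengeSent", "Informational", "203.0.113.5"),
    ("SuccessfulAuth", "Informational", "203.0.113.5"),
    ("ChallengeSent", "Informational", "198.51.100.7"),
    ("InvalidAccountID", "Error", "198.51.100.7"),
    ("InvalidAccountID", "Error", "198.51.100.7"),
    ("ChallengeResponseFailed", "Error", "198.51.100.7"),
    ("ChallengeSent", "Informational", "203.0.113.9"),
    ("InvalidPassword", "Error", "203.0.113.9"),
]) + "\n[Nov 26 09:50:04] NOTICE[57]: chan_sip.c:1 unrelated line"

def remote_ip(fields):
    """Extract <ip> from RemoteAddress="IPV4/UDP/<ip>/<port>"."""
    parts = fields.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) == 4 else None

def classify(log_text):
    """Count failure events per source IP; tally ignored event types separately."""
    failures, ignored = Counter(), Counter()
    for line in log_text.splitlines():
        if "SECURITY[" not in line:
            continue  # not a security event line
        fields = dict(FIELD_RE.findall(line))
        ip, event = remote_ip(fields), fields.get("SecurityEvent", "")
        if ip is None:
            continue
        if event in BAN_EVENTS:
            failures[ip] += 1
        else:
            ignored[event] += 1  # e.g. ChallengeSent: a normal auth step
    return failures, ignored

def ips_to_ban(log_text, maxretry=3):
    """Source IPs with at least maxretry failures (threshold is a constructed value)."""
    failures, _ = classify(log_text)
    return sorted(ip for ip, n in failures.items() if n >= maxretry)
```
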

silverjoe, 2016-11-26
@silverjoe

Perhaps configuring iptables will help you, as in this answer: "FreePBX friendly scanner, how to kill it?"
Read the comment as well.
That way you will cut off brute-force programs.
