From: Darac M. <mai...@da...> - 2013-03-31 10:19:29
On Thu, 28 Mar 2013 18:25:29 +0100 Patrick <pg...@op...> wrote:

> Hey everyone,
>
> I'm running a few Asterisk installations which are visible to the web
> via 5060.
>
> On a regular basis I see stuff like this in the logfiles:
>
> > [Mar 28 17:55:13] NOTICE[29227]: chan_sip.c:22461 handle_request_invite: Call from '' (91.121.89.80:5070) to extension '00972597524668' rejected because extension not found in context 'peerdefault'.
> > == Using SIP RTP CoS mark 5
> > [Mar 28 17:55:13] NOTICE[29227]: chan_sip.c:22461 handle_request_invite: Call from '' (91.121.89.80:5070) to extension '000972597524668' rejected because extension not found in context 'peerdefault'.
> > == Using SIP RTP CoS mark 5
> > [Mar 28 17:55:14] NOTICE[29227]: chan_sip.c:22461 handle_request_invite: Call from '' (91.121.89.80:5076) to extension '900972597524668' rejected because extension not found in context 'peerdefault'.
>
> This is an external user trying to use my box to dial out to a certain
> number, trying through a few of what could be "Dialout Prefixes" like
> "00" "000" "900".
>
> I would really like a fail2ban rule that scans the asterisk full log
> for these unknown extension tries that bans after 2 misplaced calls.
>
> How do I go about fixing something like that?

There is a page with some good information about using fail2ban with Asterisk at http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk (including a warning about limitations). It doesn't directly address the log entries you're seeing, but hopefully you can add a new pattern yourself.
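
Added example, not part of the original thread and not code from the fail2ban or Asterisk projects: one candidate pattern for the log entries quoted above, checked in Python against those lines with the two-attempt threshold asked for. The names FAILREGEX, PATTERN and offenders and the 192.0.2.10 log line are assumptions made here, and the check assumes the bracketed timestamp is stripped before the pattern is applied.

```python
import re
from collections import Counter

# Candidate fail2ban failregex. <HOST> is fail2ban's placeholder for the
# address to ban. Anchored at the start so a match cannot begin inside the
# logged caller or extension fields.
FAILREGEX = (r"^NOTICE\[\d+\]: chan_sip\.c:\d+ handle_request_invite: "
             r"Call from '[^']*' \(<HOST>:\d+\) to extension '[^']*' "
             r"rejected because extension not found in context '[^']*'\.")

# Simplified, IPv4-only stand-in for fail2ban's own <HOST> expansion.
PATTERN = re.compile(
    FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
TIMESTAMP = re.compile(r"^\[[^\]]*\]\s*")  # assumed stripped before matching
MAXRETRY = 2  # ban after 2 rejected calls, as requested in the post

# The 91.121.89.80 lines are from the post (unwrapped); the 192.0.2.10
# line is constructed to show a host that stays under the threshold.
SAMPLE_LOG = """\
[Mar 28 17:55:13] NOTICE[29227]: chan_sip.c:22461 handle_request_invite: Call from '' (91.121.89.80:5070) to extension '00972597524668' rejected because extension not found in context 'peerdefault'.
  == Using SIP RTP CoS mark 5
[Mar 28 17:55:13] NOTICE[29227]: chan_sip.c:22461 handle_request_invite: Call from '' (91.121.89.80:5070) to extension '000972597524668' rejected because extension not found in context 'peerdefault'.
  == Using SIP RTP CoS mark 5
[Mar 28 17:55:14] NOTICE[29227]: chan_sip.c:22461 handle_request_invite: Call from '' (91.121.89.80:5076) to extension '900972597524668' rejected because extension not found in context 'peerdefault'.
[Mar 28 17:56:02] NOTICE[29227]: chan_sip.c:22461 handle_request_invite: Call from '' (192.0.2.10:5060) to extension '1234' rejected because extension not found in context 'peerdefault'.
"""


def offenders(log_text, maxretry=MAXRETRY):
    """Return {host: hits} for hosts with at least maxretry rejected calls."""
    hits = Counter()
    for line in log_text.splitlines():
        m = PATTERN.search(TIMESTAMP.sub("", line, count=1))
        if m:
            hits[m.group("host")] += 1
    return {h: n for h, n in hits.items() if n >= maxretry}


if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

In a fail2ban filter file the FAILREGEX string would be the failregex value, with maxretry = 2 set in the jail that uses it.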