[Astlinux-users] Firewall / Adaptive Ban for external / internet brute force attacks

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I had to open port 5060 to the internet for my brother PAP2-NA to get in. Initially I started getting a lot of brute force attacks but the “adaptive-ban” plugins took care of it.  Now I am getting a different type  of attacks?  See logs bellow.

I do have a firewall from UDMP-SE and this PBX is on a DMZ. I forward port 5060 on my WAN to this PBX.

Is it possible to create a rule and say only this “extension” can log in and everything else drop?  For instance the PAP2-NA extension is 505 for the purpose of this exercise. 

Thanks in advance
Ionel

Apr 22 10:55:29 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1447810443-1891497107-14325089 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 10:56:26 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-00000027]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:9998@192.168.0.15:5060>;tag=1922473623 for INVITE, code = -1
Apr 22 10:56:58 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1920380597-2112014333-1667702904 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 10:57:38 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 1138283951-307500403-1980426376 on non-critical invite transaction.
Apr 22 10:57:55 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-00000029]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:9998@192.168.0.15:5060>;tag=739451700 for INVITE, code = -1
Apr 22 10:58:27 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 76533194-1510649679-2136561043 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:02:56 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 2133735229-376621693-426493952 on non-critical invite transaction.
Apr 22 11:03:00 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002b]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:8889@192.168.0.15:5060>;tag=595665381 for INVITE, code = -1
Apr 22 11:03:32 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1076661996-1742674713-465326551 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:04:30 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002c]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:8889@192.168.0.15:5060>;tag=43636851 for INVITE, code = -1
Apr 22 11:05:02 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1728888031-387023100-315880286 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:05:59 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002d]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:8889@192.168.0.15:5060>;tag=1367210315 for INVITE, code = -1
Apr 22 11:06:31 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 2061695187-795614543-1485048389 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:07:27 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002e]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:8889@192.168.0.15:5060>;tag=277172302 for INVITE, code = -1
Apr 22 11:07:59 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 1019652159-463033238-1026431883 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:08:57 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285][C-0000002f]: chan_sip.c:19672 in send_check_user_failure_response: Failed to authenticate device <sip:8889@192.168.0.15:5060>;tag=1163877947 for INVITE, code = -1
Apr 22 11:09:29 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on transmission 469319743-1015333260-1652986992 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions Packet timed out after 32000ms with no response
Apr 22 11:12:44 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: chan_sip.c:4210 in retrans_pkt: Timeout on 160522783-725134999-814499190 on non-critical invite transaction.
Apr 22 11:13:27 HOME-PBX local0.notice asterisk[1092]: NOTICE[1285]: chan_sip.c:30575 in sip_poke_noanswer: Peer '204' is now UNREACHABLE!  Last qualify: 48