I think we should keep it in the wiki.
I sent login information to Sebastian.

- Y

On Wed, Jun 26, 2013 at 8:18 AM, Daniel Black <daniel.subs@internode.on.net> wrote:
On 26/06/13 17:07, Sebastian Arcus wrote:
> It seems that the Asterisk page on the fail2ban wiki
> (http://www.fail2ban.org/wiki/index.php/Asterisk) has become outdated,

yes. Hopefully out filter's haven't been.

> as it states fail2ban can't protect against certain types of attacks.
> The page makes several references to this fact, and links to a post on
> forums.asterisk.org
> I believe these problems have been fixed with the advent of the security
> log since Asterisk 10+ (by default located in
> /var/log/asterisk/security, when enabled in /etc/asterisk/logger.conf).
> The security log now provides sufficient data for fail2ban to block
> attackers exploiting just INVITE's, instead of the one's trying to REGISTER.

Updated a month ago to include this:

Can you see anything here missing or wrong?


> Unless my research on the above is wrong, I think it would be useful for
> the wiki page to be updated with the relevant information (including new
> filters/regex's for the security log - along the lines of the ones found
> here:
> http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk).
> I'd be happy to add the info myself if I can get an account to the wiki
> - or if anybody else who has access already can do it would be great.

Or perhaps we can obsolete the wiki pages and point straight to the filter.

This SF.net email is sponsored by Windows:

Build for Windows Store.

Fail2ban-users mailing list