From: jungle B. <jun...@gm...> - 2017-01-03 19:51:26
Hi All,

Am I understanding correctly, the full list of what sshguard can block is listed here:
http://www.sshguard.net/docs/reference/attack-signatures/

This amounts to ssh, mail, ftp. Is there a possibility of including things like FreeSWITCH?

Here's an example log from a bad user:

9568ef4e-ce58-11e6-a604-736db5881309 2016-12-29 22:24:14.034837 [DEBUG] sofia.c:9851 sofia/internal/aor3=3--@68.96.222.9 receiving invite from 163.172.125.91:57347 version: 1.9.0 git eef2313 2016-12-20 22:19:30Z 32bit
2016-12-29 22:24:14.034837 [DEBUG] sofia.c:10018 IP 163.172.125.91 Rejected by acl "domains". Falling back to Digest auth.
2016-12-29 22:24:14.054870 [WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [0048678887178@68.96.222.9] from ip 163.172.125.91
9568ef4e-ce58-11e6-a604-736db5881309 2016-12-29 22:24:14.294838 [DEBUG] sofia.c:9851 sofia/internal/aor3=3--@68.96.222.9 receiving invite from 163.172.125.91:57347 version: 1.9.0 git eef2313 2016-12-20 22:19:30Z 32bit
2016-12-29 22:24:14.294838 [DEBUG] sofia.c:10018 IP 163.172.125.91 Rejected by acl "domains". Falling back to Digest auth.
2016-12-29 22:24:14.294838 [WARNING] sofia_reg.c:2906 Can't find user [a'or'3=3--@192.168.0.137] from 163.172.125.91
2016-12-29 22:24:14.294838 [WARNING] sofia_reg.c:1737 SIP auth failure (INVITE) on sofia profile 'internal' for [0048678887178@68.96.222.9] from ip 163.172.125.91
e9e650b6-ce58-11e6-a606-736db5881309 2016-12-29 22:26:35.794835 [DEBUG] sofia.c:9851 sofia/internal/aor3=3--@68.96.222.9 receiving invite from 163.172.125.91:58453 version: 1.9.0 git eef2313 2016-12-20 22:19:30Z 32bit
2016-12-29 22:26:35.794835 [DEBUG] sofia.c:10018 IP 163.172.125.91 Rejected by acl "domains". Falling back to Digest auth.
2016-12-29 22:26:35.794835 [WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [0048678887178@68.96.222.9] from ip 163.172.125.91

FYI, http://www.sshguard.net/ link for sshd is now wrong, should be https://www.openssh.com/

Thanks!

--
-------
inum: 883510009027723
sip: jun...@si...
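
Added example, not part of the original post and not sshguard's own parser: detection logic in Python for the two FreeSWITCH WARNING lines in the log above that indicate a failed attempt, run over lines copied from that log. The signature names, function names and the threshold are assumptions; only IPv4 sources are handled.

```python
import re
from collections import Counter

# WARNING lines copied from the log in the post above (DEBUG lines omitted).
SAMPLE_LOG = """\
2016-12-29 22:24:14.054870 [WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [0048678887178@68.96.222.9] from ip 163.172.125.91
2016-12-29 22:24:14.294838 [WARNING] sofia_reg.c:2906 Can't find user [a'or'3=3--@192.168.0.137] from 163.172.125.91
2016-12-29 22:24:14.294838 [WARNING] sofia_reg.c:1737 SIP auth failure (INVITE) on sofia profile 'internal' for [0048678887178@68.96.222.9] from ip 163.172.125.91
2016-12-29 22:26:35.794835 [WARNING] sofia_reg.c:1792 SIP auth challenge (INVITE) on sofia profile 'internal' for [0048678887178@68.96.222.9] from ip 163.172.125.91
"""

IPV4 = r"(?P<ip>(?:\d{1,3}\.){3}\d{1,3})"
PREFIX = r"\[WARNING\] sofia_reg\.c:\d+ "

# The bracketed user is chosen by the remote party (see a'or'3=3-- above),
# so the address is read only from the fixed tail of the line, anchored
# with $. Text placed inside the brackets cannot redirect a block.
# "SIP auth challenge" is deliberately not a signature: digest auth
# challenges legitimate clients as well.
SIGNATURES = [
    ("auth_failure", re.compile(
        PREFIX + r"SIP auth failure \(\w+\) on sofia profile '[^']*' "
        r"for \[.*\] from ip " + IPV4 + r"$")),
    ("unknown_user", re.compile(
        PREFIX + r"Can't find user \[.*\] from " + IPV4 + r"$")),
]

def count_attacks(log_text):
    """Return {source_ip: Counter({signature_name: hits})}."""
    hits = {}
    for line in log_text.splitlines():
        for name, pattern in SIGNATURES:
            match = pattern.search(line.rstrip())
            if match:
                hits.setdefault(match.group("ip"), Counter())[name] += 1
                break
    return hits

def offenders(log_text, threshold=2):
    """Source addresses with at least `threshold` matching lines."""
    counts = count_attacks(log_text)
    return sorted(ip for ip, c in counts.items() if sum(c.values()) >= threshold)

if __name__ == "__main__":
    print(count_attacks(SAMPLE_LOG))
    print(offenders(SAMPLE_LOG))
```
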