Hello
Noticed tons of these messages in the logs. Just started happening recently. Is there anything that can be done to get fail2ban to block against these attacks?
[2012-12-18 19:02:30] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:30] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:30] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:30] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:30] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:30] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:30] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:30] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:30] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:30] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:31] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:31] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:31] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:31] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:31] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:31] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:31] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
[2012-12-18 19:02:31] NOTICE[4004] chan_sip.c: Sending fake auth rejection for device "" ;tag=7e909e9e13ac
Thank you.
Never mind... turned on SIP debugging and it turns out these are caused by KIRK Wireless Server 300.
The notice message is not logging the attacker IP, so fail2ban is kind of useless... Can anything else be done about it? There are about 20 notices every 5 minutes.