<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I'm using fail2ban as well. What utility do you use to block entire countries? I have a herd of asterisk servers that could use this.<div><br></div><div><br><div><div><div>On May 22, 2012, at 10:24 AM, Randy Hammock wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">I don't run SIP on my Allstar node; however, I do have an Asterisk PBX that does run SIP. I took a two pronged approach. I use use fail2ban to lockout SIP bots that try to connect. I run another utility that is used to block entire countries. Both utilities use iptables to perform the blocking which use a few resources as possible. I occasionally analyze my log files to see where major attempts come from and adjust the blocks from there. I would like to block everything but allow just the locations desired; however, the allowed location are all on ISP DHCP addresses. The above have greatly reduced the amount of bogus traffic on the server.<br>
<br><div class="gmail_quote">On Sun, May 20, 2012 at 8:43 PM, George Csahanin <span dir="ltr"><<a href="mailto:george@dyb.com" target="_blank">george@dyb.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<u></u>
<div bgcolor="#ffffff">
<div><font face="Arial">Well, glad to know it isn't just me. And how many
milliseconds did this all take. That's what always amazes me. How quickly the
logins come, five to ten a second. </font></div>
<div><font face="Arial"></font> </div>
<div><font face="Arial">GeorgeC</font></div>
<div><font face="Arial">W2DB</font></div>
<div><font face="Arial">2360/2428/28599</font></div><div><div class="h5">
<div> </div>
<blockquote style="BORDER-LEFT:#000000 2px solid;PADDING-LEFT:5px;PADDING-RIGHT:0px;MARGIN-LEFT:5px;MARGIN-RIGHT:0px" dir="ltr">
<div style="FONT:10pt arial">----- Original Message ----- </div>
<div style="FONT:10pt arial;BACKGROUND:#e4e4e4"><b>From:</b>
<a title="k5try73@gmail.com" href="mailto:k5try73@gmail.com" target="_blank">Tony Youngblood</a>
</div>
<div style="FONT:10pt arial"><b>To:</b> <a title="app_rpt-users@ohnosec.org" href="mailto:app_rpt-users@ohnosec.org" target="_blank">app_rpt-users@ohnosec.org</a> </div>
<div style="FONT:10pt arial"><b>Sent:</b> Sunday, May 20, 2012 9:13 PM</div>
<div style="FONT:10pt arial"><b>Subject:</b> [App_rpt-users] SIP bots, hack
attempts?</div>
<div><br></div>
<div>Interesting discussion I had about sip hacks I had so I checked my log.
Any details, advice, insight?</div>
<div><br></div>
<div><span>file is 71,073,169 big!<br><br>[Mar 6 23:59:41]
NOTICE[1694] chan_sip.c: Registration from '"fu-min"<<a href="mailto:fu-min@108.238.216.11" target="_blank">sip:fu-min@108.238.216.11</a>>' failed
for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fu-tze"<<a href="mailto:sip%3Afu-tze@108.238.216.11" target="_blank">sip:fu-tze@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fu-yeung"<<a href="mailto:sip%3Afu-yeung@108.238.216.11" target="_blank">sip:fu-yeung@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fugwo"<<a href="mailto:sip%3Afugwo@108.238.216.11" target="_blank">sip:fugwo@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fuarnibol"<<a href="mailto:sip%3Afuarnibol@108.238.216.11" target="_blank">sip:fuarnibol@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fuat"<<a href="mailto:sip%3Afuat@108.238.216.11" target="_blank">sip:fuat@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fubler"<<a href="mailto:sip%3Afubler@108.238.216.11" target="_blank">sip:fubler@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fuccellaro"<<a href="mailto:sip%3Afuccellaro@108.238.216.11" target="_blank">sip:fuccellaro@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fuchsberger"<<a href="mailto:sip%3Afuchsberger@108.238.216.11" target="_blank">sip:fuchsberger@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fuck-me-over-some-more"<<a href="mailto:sip%3Afuck-me-over-some-more@108.238.216.11" target="_blank">sip:fuck-me-over-some-more@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fucktool"<<a href="mailto:sip%3Afucktool@108.238.216.11" target="_blank">sip:fucktool@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fudd"<<a href="mailto:sip%3Afudd@108.238.216.11" target="_blank">sip:fudd@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fude"<<a href="mailto:sip%3Afude@108.238.216.11" target="_blank">sip:fude@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fudenberg"<<a href="mailto:sip%3Afudenberg@108.238.216.11" target="_blank">sip:fudenberg@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found<br>[Mar 6 23:59:41] NOTICE[1694] chan_sip.c: Registration from
'"fudge"<<a href="mailto:sip%3Afudge@108.238.216.11" target="_blank">sip:fudge@108.238.216.11</a>>'
failed for '<a href="tel:95.211.167.69" target="_blank">95.211.167.69</a>' - No matching peer
found</span><br><br>
<div>;(;)</div>AllStar 28384
<div>Irlp 7998 / 7766 / 7926</div>
<div>Echo 563329</div>:(:)
<div><br></div>
<div><br></div></div>
<div><br>On May 19, 2012, at 11:00 AM, <a href="mailto:app_rpt-users-request@ohnosec.org" target="_blank">app_rpt-users-request@ohnosec.org</a>
wrote:<br><br></div>
<div></div>
<blockquote type="cite">
<div><span>Send App_rpt-users mailing list submissions
to</span><br><span> <a href="mailto:app_rpt-users@ohnosec.org" target="_blank"></a><a href="mailto:app_rpt-users@ohnosec.org" target="_blank">app_rpt-users@ohnosec.org</a></span><br><span></span><br><span>To
subscribe or unsubscribe via the World Wide Web,
visit</span><br><span> <a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" target="_blank"></a><a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a></span><br>
<span>or,
via email, send a message with subject or body 'help'
to</span><br><span> <a href="mailto:app_rpt-users-request@ohnosec.org" target="_blank"></a><a href="mailto:app_rpt-users-request@ohnosec.org" target="_blank">app_rpt-users-request@ohnosec.org</a></span><br><span></span><br>
<span>You
can reach the person managing the list at</span><br><span> <a href="mailto:app_rpt-users-owner@ohnosec.org" target="_blank"></a><a href="mailto:app_rpt-users-owner@ohnosec.org" target="_blank">app_rpt-users-owner@ohnosec.org</a></span><br>
<span></span><br><span>When
replying, please edit your Subject line so it is more
specific</span><br><span>than "Re: Contents of App_rpt-users
digest..."</span><br><span></span><br><span></span><br><span>Today's
Topics:</span><br><span></span><br><span> 1. adding extensions to
acid all-star repeater (Bradley
Haney)</span><br><span></span><br><span></span><br><span>----------------------------------------------------------------------</span><br><span></span><br><span>Message:
1</span><br><span>Date: Sat, 19 May 2012 09:19:32
-0500</span><br><span>From: Bradley Haney <<a href="mailto:kc9gqr@gmail.com" target="_blank">kc9gqr@gmail.com</a>></span><br><span>To:
<a href="mailto:app_rpt-users@ohnosec.org" target="_blank"></a><a href="mailto:app_rpt-users@ohnosec.org" target="_blank">app_rpt-users@ohnosec.org</a></span><br><span>Subject:
[App_rpt-users] adding extensions to acid all-star
repeater</span><br><span>Message-ID: <<a href="mailto:E3E3A42F-65BD-4B2E-BE21-67654048A29C@gmail.com" target="_blank">E3E3A42F-65BD-4B2E-BE21-67654048A29C@gmail.com</a>></span><br><span>Content-Type:
text/plain; charset=us-ascii</span><br><span></span><br><span>Hello all..
</span><br><span></span><br><span>Been looking through the old forums and
trying to get a handle on how to add SIP extensions to my all-star
box. We are currently running acid distro on our repeater and using
the allstarlink auto patch service. I would like to be able to
add a few sip extensions so when i am on my cell phone i can
connect to the repeater and listen or dial my wife who is a ham on a
different extension and ring her phone. The extensions do not
have to have "outside access" for the auto patch as the extensions
would be used for internal communication to and from the repeater or to and
from other extensions i add . Example extension 123 (which would
be a sip client) be able to dial 28079 which is the repeater. or
a person on the repeater be able to dial extension 123 and
have the sip client ring. I have a static ip address so i know that
won't be a problem, just a little confused on how to add everything in
the config files. Does anyone by chance have a good
working example</span><br><span> they could share? I would try
the other distro but everyone like the web trans idea instead of using
echo link :)
</span><br><span></span><br><span>Thanks for any help i
could get..</span><br><span></span><br><span>Bradley</span><br><span>allstar
node
28079</span><br><span></span><br><span>------------------------------</span><br><span></span><br><span>_______________________________________________</span><br><span>App_rpt-users
mailing list</span><br><span><a href="mailto:App_rpt-users@ohnosec.org" target="_blank">App_rpt-users@ohnosec.org</a></span><br><span><a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a></span><br>
<span></span><br><span></span><br><span>End
of App_rpt-users Digest, Vol 39, Issue
22</span><br><span>*********************************************</span><br></div></blockquote></blockquote></div></div></div>
<br>_______________________________________________<br>
App_rpt-users mailing list<br>
<a href="mailto:App_rpt-users@ohnosec.org">App_rpt-users@ohnosec.org</a><br>
<a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Randy Hammock <br>Phone: 818-925-4576<br>
_______________________________________________<br>App_rpt-users mailing list<br><a href="mailto:App_rpt-users@ohnosec.org">App_rpt-users@ohnosec.org</a><br>http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users<br></blockquote></div><br></div></div></body></html>