[Freeswitch-users] Getting fail2ban working properly
David Villasmil
david.villasmil.work at gmail.com
Tue Sep 13 09:49:11 MSD 2016
Hello,
In the case above, challenge is included in the regexp (challenge|failure)
011-02-07 12:23:28.490029 [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile 'internal' for [1002 at 10.10.16.161] from ip
10.10.16.161
If, as is suggested in the issue report, what is being sought is to prevent
flooding, i guess there's a maxretry param somewhere?
Thanks!
David
(davidcsi)
On Tue, Sep 13, 2016 at 2:00 AM David Witham <david.witham at netsip.com.au>
wrote:
> We don't include the challenge in the regex, just the failure, so we only
> ban on multiple failures. The challenge is normal registration behaviour.
> For genuine customers the challenges won't fail and they won't get banned.
>
> On 13 September 2016 at 02:33, jungle Boogie <jungleboogie0 at gmail.com>
> wrote:
>
>> On 12 September 2016 at 09:09, Don Hawkins <hawkins at hawkinsegroup.com>
>> wrote:
>> > I'm actually starting to notice a problem with fail2ban, maybe someone
>> can
>> > help me.
>>
>> Not really a problem as fail2ban is working as expected--just not in a
>> very friendly way. ;)
>>
>> I've seen this happen and usually I delete the line from fail2ban, but
>> I don't know how folks manage it for customers.
>>
>> A few weeks back, I came across this issue on fail2ban's github page:
>> https://github.com/fail2ban/fail2ban/issues/1500
>>
>> That pretty much explains your problem.
>>
>>
>> --
>> -------
>> inum: 883510009027723
>> sip: jungleboogie at sip2sip.info
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
> David Witham
> Senior Voice/Systems Engineer
>
> Netsip pty ltd – An Over the Wire Company
> Level 1, 24 Little Edward St, Spring Hill QLD 4000
>
> t +61 1300 638 747
> e david.witham at netsip.com.au www.netsip.com.au
> <https://macowa.netsip.com.au/owa/redir.aspx?C=95eec4d12cf0400796940d56513ed0f7&URL=http%3a%2f%2fwww.netsip.com.au>
>
> <https://macowa.netsip.com.au/owa/redir.aspx?C=95eec4d12cf0400796940d56513ed0f7&URL=http%3a%2f%2fwww.netsip.com.au>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160913/60fd0f24/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list