攻撃のlog
[2020-09-17 12:09:24] NOTICE[2020][C-00000005]: chan_sip.c:26377 handle_request_invite: Failed to authenticate device (<sip:10001@210.0.1.1>;tag=1618708269)
vi /usr/src/asterisk-13.27.0/channels/chan_sip.c
変更前
if (res < 0) { /* Something failed in authentication */
ast_log(LOG_NOTICE, “Failed to authenticate device %s\n”, sip_get_header(req, “From”));
変更後
if (res < 0) { /* Something failed in authentication */
ast_log(LOG_NOTICE, “Failed to authenticate device %s (%s)\n”, sip_get_header(req, “From”),ast_sockaddr_stringify(addr));
すべて同じように変更する
変更前
if (res != AUTH_SUCCESSFUL) {
ast_log(LOG_NOTICE, “Failed to authenticate device %s for SUBSCRIBE\n”, sip_get_header(req, “From”),ast_sockaddr_stringify(addr));
変更後
if (res != AUTH_SUCCESSFUL) {
ast_log(LOG_NOTICE, “Failed to authenticate device %s (%s) for SUBSCRIBE\n”, sip_get_header(req, “From”),ast_sockaddr_stringify(addr));
vi /etc/fail2ban/filter.d/asterisk.conf
prefregex = に以下を追記する
NOTICE.* .*: Failed to authenticate user .* \(:.*\)
コメント