I recently had my logs fill up with attacks on every server in my network. Looks like the source of the attack was a network in France… perhaps a college or something.
NOTICE[27253] chan_sip.c: Registration from '"8535"<sip:8535@XX.XX.XX.XX>' failed for '90.30.239.249' - No matching peer found
NOTICE[27253] chan_sip.c: Registration from '"8536"<sip:8536@XX.XX.XX.XX>' failed for '90.30.239.249' - No matching peer found
NOTICE[27253] chan_sip.c: Registration from '"8537"<sip:8537@XX.XX.XX.XX>' failed for '90.30.239.249' - No matching peer found
NOTICE[27253] chan_sip.c: Registration from '"8538"<sip:8538@XX.XX.XX.XX>' failed for '90.30.239.249' - No matching peer found
NOTICE[27253] chan_sip.c: Registration from '"8539"<sip:8539@XX.XX.XX.XX>' failed for '90.30.239.249' - No matching peer found
NOTICE[27253] chan_sip.c: Registration from '"8540"<sip:8540@XX.XX.XX.XX>' failed for '90.30.239.249' - No matching peer found
Anyway, I have some questions about how to deal with this type of issue. Is there any way to have Asterisk block a source IP after X number of failed registration attempts? (If not, there should be!)
If that isn’t the answer… well what is?
Thanks,
Geoff
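
As an added example that is not part of the original post: one way to spot sources like the one in these log lines is to count failed chan_sip registrations per IP and flag any at or over a threshold. The sample lines are constructed, the function names and `max_failures` are assumptions, and the count covers the whole input because the excerpt carries no timestamps.

```python
import re
from collections import Counter

# Matches the chan_sip failed-registration NOTICE format quoted in the post.
FAILED_REG = re.compile(
    r"NOTICE\[\d+\] chan_sip\.c: Registration from '(?P<sender>.*)' "
    r"failed for '(?P<ip>[^']+)' - (?P<reason>.+)$"
)
EXTENSION = re.compile(r"<sip:([^@>]+)@")

def parse_failure(line):
    """Return (source_ip, extension, reason), or None for any other log line."""
    m = FAILED_REG.search(line.strip())
    if not m:
        return None
    ip = m.group("ip")
    if ip.count(":") == 1:          # tolerate an IPv4 "addr:port" form
        ip = ip.split(":", 1)[0]
    ext = EXTENSION.search(m.group("sender"))
    return ip, (ext.group(1) if ext else None), m.group("reason")

def offenders(lines, max_failures=5):
    """Map source IP -> (failures, distinct extensions tried) at or over the threshold."""
    counts, tried = Counter(), {}
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        ip, ext, _reason = hit
        counts[ip] += 1
        tried.setdefault(ip, set()).add(ext)
    return {ip: (n, len(tried[ip])) for ip, n in counts.items() if n >= max_failures}

# Constructed sample input (documentation-range addresses, not real hosts).
SAMPLE = [
    f"NOTICE[27253] chan_sip.c: Registration from '\"{e}\"<sip:{e}@192.0.2.10>' "
    f"failed for '203.0.113.7' - No matching peer found"
    for e in range(8535, 8541)
] + [
    "NOTICE[27253] chan_sip.c: Registration from '\"100\"<sip:100@192.0.2.10>' "
    "failed for '198.51.100.20:5060' - Wrong password",
    "NOTICE[27253] chan_sip.c: Peer '100' is now Reachable",
]

if __name__ == "__main__":
    for ip, (n, exts) in offenders(SAMPLE).items():
        print(f"{ip}: {n} failed registrations across {exts} extensions")
```

A source that walks sequential extensions shows a distinct-extension count close to its failure count, which separates it from a single phone retrying a wrong password.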