How do I stop this sort of “pings”? Is it a ping or probe?
fqdn_subdomain*CLI>
fqdn_subdomain*CLI> sip set debug on
SIP Debugging enabled
<--- SIP read from UDP:67.212.84.21:5010 --->
OPTIONS sip:s@xxx.xxx.xxx.xxx:5060 SIP/2.0
Via: SIP/2.0/UDP 67.212.84.21:5010;branch=0
From: sip:ping@noname.com;tag=uloc-5875e606-bf5-0e907-52564b36-097516a3
To: sip:s@xxx.xxx.xxx.xxx:5060
Call-ID: cb004ab7-90480501-ff4ce23@67.212.84.21
CSeq: 1 OPTIONS
Content-Length: 0
<------------->
--- (7 headers 0 lines) ---
Sending to 67.212.84.21:5010 (NAT)
Looking for s in default (domain xxx.xxx.xxx.xxx)
<--- Transmitting (NAT) to 67.212.84.21:5010 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 67.212.84.21:5010;branch=0;received=67.212.84.21;rport=5010
From: sip:ping@noname.com;tag=uloc-5875e606-bf5-0e907-52564b36-097516a3
To: sip:s@xxx.xxx.xxx.xxx:5060;tag=as6ee49ab1
Call-ID: cb004ab7-90480501-ff4ce23@67.212.84.21
CSeq: 1 OPTIONS
Server: Asterisk PBX 13.1.0~dfsg-1.1ubuntu4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: <sip:xxx.xxx.xxx.xxx:5060>
Accept: application/sdp
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog 'cb004ab7-90480501-ff4ce23@67.212.84.21' in 32000 ms (Method: OPTIONS)
fqdn_subdomain*CLI>
fqdn_subdomain*CLI>
The fail2ban config I have so far:
root@fqdn_subdomain:/etc/asterisk#
root@fqdn_subdomain:/etc/asterisk# cat /etc/fail2ban/jail.d/asterisk.conf
[asterisk-iptables]
# if more than 4 attempts are made within 6 hours, ban for 24 hours
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail[name=ASTERISK, dest=thufir@fqdn_full, sender=fail2ban@local.local]
logpath = /var/log/asterisk/messages
maxretry = 4
findtime = 21600
bantime = 86400
root@fqdn_subdomain:/etc/asterisk#
The source I was reading for Asterisk & fail2ban was saying to edit jail.conf, which caused me problems. Or, perhaps I misread the directions. So, asking here how I can further secure Asterisk.
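
One way to see who is sending requests like the OPTIONS above, as an added example that is not part of the original post: this Python sketch parses the "SIP read from" blocks of a `sip set debug` capture and counts inbound requests per source address and method, skipping addresses you already trust. The function names, the trusted-peer set and the sample capture (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import Counter

# Header printed before each inbound packet in the debug output shown above.
READ_RE = re.compile(r"^<--- SIP read from (?P<proto>\w+):(?P<ip>\S+):(?P<port>\d+) --->")
# Request line: METHOD sip-uri SIP/2.0 (responses start with "SIP/2.0" and are skipped).
REQUEST_RE = re.compile(r"^(?P<method>[A-Z]+) sips?:\S+ SIP/2\.0")

def inbound_requests(debug_text):
    """Yield (source_ip, method, from_header) for each inbound SIP request."""
    src = method = None
    for line in debug_text.splitlines():
        line = line.strip()
        m = READ_RE.match(line)
        if m:
            src, method = m.group("ip"), None
            continue
        if src and method is None:
            # First line after the header must be a request line, else drop the block.
            r = REQUEST_RE.match(line)
            src, method = (src, r.group("method")) if r else (None, None)
            continue
        if src and line.lower().startswith("from:"):
            yield src, method, line.split(":", 1)[1].strip()
            src = None

def unexpected_senders(debug_text, known_peers):
    """Count (source_ip, method) pairs for sources not in known_peers."""
    counts = Counter()
    for ip, method, _from in inbound_requests(debug_text):
        if ip not in known_peers:
            counts[(ip, method)] += 1
    return counts

# Constructed capture, modelled on the debug output above.
SAMPLE = """\
<--- SIP read from UDP:198.51.100.7:5010 --->
OPTIONS sip:s@192.0.2.10:5060 SIP/2.0
Via: SIP/2.0/UDP 198.51.100.7:5010;branch=0
From: sip:ping@noname.com;tag=constructed-1
<--- Transmitting (NAT) to 198.51.100.7:5010 --->
SIP/2.0 200 OK
From: sip:ping@noname.com;tag=constructed-1
<--- SIP read from UDP:203.0.113.5:5060 --->
REGISTER sip:192.0.2.10 SIP/2.0
From: <sip:100@192.0.2.10>;tag=constructed-2
<--- SIP read from UDP:198.51.100.7:5010 --->
OPTIONS sip:s@192.0.2.10:5060 SIP/2.0
From: sip:ping@noname.com;tag=constructed-3
"""

if __name__ == "__main__":
    print(unexpected_senders(SAMPLE, known_peers={"203.0.113.5"}))
```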