IP Logging For Authentication Floods

Our server is being slammed with bogus authentication tries for extensions. How can I get logs of the attackers' IPs so I can set up iptables rules to reject them?

You could use tcpdump

tcpdump -s 2048 -w /root/sip.dump udp and port 5060
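A capture like the one above only helps once it is reduced to per-source packet counts. The script below is an added example, not part of the original post: it assumes IPv4 traffic and the text format printed by `tcpdump -nn -r`, and the function names, threshold and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank the source IPs seen in a SIP capture.
# Input : text lines as printed by `tcpdump -nn -r FILE` (IPv4 assumed).
# Output: "<packets> <ip>" for every source at or above the threshold.

# sip_sources THRESHOLD [OWN_IP]   (reads tcpdump text on stdin)
# OWN_IP is the server's own address; its replies are not counted.
sip_sources() {
    threshold="${1:-20}"
    own_ip="${2:-}"
    awk -v min="$threshold" -v self="$own_ip" '
        # Field 2 is "IP", field 3 is "src.port", field 4 is ">".
        $2 == "IP" && $4 == ">" {
            src = $3
            sub(/\.[0-9]+$/, "", src)      # drop the trailing ".port"
            # Count only well-formed dotted quads that are not the server.
            if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && src != self)
                count[src]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in tcpdump -nn text format (documentation addresses):
# one noisy source, one ordinary client, and one reply from the server.
sample_capture() {
    i=0
    while [ "$i" -lt 25 ]; do
        echo "12:00:01.000001 IP 203.0.113.5.5060 > 192.0.2.10.5060: UDP, length 412"
        i=$((i + 1))
    done
    echo "12:00:11.000001 IP 198.51.100.7.5071 > 192.0.2.10.5060: UDP, length 398"
    echo "12:00:11.000002 IP 192.0.2.10.5060 > 198.51.100.7.5071: UDP, length 520"
}

# Real use, with the capture file written by the command above:
#   tcpdump -nn -r /root/sip.dump | sip_sources 20 <server-ip>
sample_capture | sip_sources 20
```

Review the ranked list before turning any address into an iptables rule, since a busy legitimate trunk or NAT gateway can also exceed the threshold.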

We use fail2ban to block those attempts. See the link below for a guide.

voip-info.org/wiki/view/Fail … 2BAsterisk

[quote="bwilks"]You could use tcpdump

tcpdump -s 2048 -w /root/sip.dump udp and port 5060[/quote]

Great tool. I think we should all run these together on machines and see where people are trying to get in from.