
CSF / Asterisk

Posted: 20 Jan 2014, 17:17
by simon templar
Hi,

I just installed CSF on an Asterisk box.
Is there any setup I could use in order to block IP addresses that failed to login on SIP / port 5060 with the help of CSF?

Thanks!

Re: CSF / Asterisk

Posted: 24 Mar 2014, 02:51
by keyjey
Hi, did you find any answer about this? Looking for the same!

Re: CSF / Asterisk

Posted: 24 Mar 2014, 02:54
by simon templar
NO.
I'm thinking about creating the script that will take care of this.
You can join the team if you know how to program.
I was almost done in C++ but I was told to switch to Python. So I am learning the language now.

Re: CSF / Asterisk

Posted: 24 Mar 2014, 06:19
by Sergio
simon templar wrote:
Hi,

I just installed CSF on an Asterisk box.
Is there any setup I could use in order to block IP addresses that failed to login on SIP / port 5060 with the help of CSF?

Thanks!

Yes, you can do it with CSF.

Check in what log the error is reported and then add your own REGEX rule to regex.custom.pm

Re: CSF / Asterisk

Posted: 25 Mar 2014, 00:30
by simon templar
Hi Sergio,

I wish I had read the whole readme file, I never paid attention to that. Probably because I do not know regex. Could you give me a hand with the regex to set up?

The file is /var/log/asterisk/messages

The type of errors I am looking for are like:
[2014-03-03 15:04:39] NOTICE[4632] chan_sip.c: Registration from '"X-Lite"<sip:1000@192.168.1.242>' failed for '192.168.1.101:41444' - Wrong password

*If possible*, I would like to block IPs that do 3 bad attempts.
If not possible, I will block IPs at the first attempt.

Is there a way to exclude the 192.168.1.0 network?

Thank you so much for your help.

Re: CSF / Asterisk

Posted: 25 Mar 2014, 00:54
by Sergio
Normally I don't do regex for something that I can't test in any of my servers.
You will need to do the tests on your own when the rule is done.

For the regex to be created I need the following info:
What is the name of the error log where you can search for this info?
Please give 5 error lines copied from the error log.

Re: CSF / Asterisk

Posted: 25 Mar 2014, 01:24
by simon templar
The error shows up in /var/log/asterisk/messages

[2014-03-24 21:15:18] NOTICE[18393] chan_sip.c: Registration from '"X-Lite"<sip:1000@192.168.1.242>' failed for '192.168.1.101:5140' - Wrong password
[2014-03-24 21:15:22] NOTICE[18393] chan_sip.c: Registration from '"X-Lite"<sip:1000@192.168.1.242>' failed for '192.168.1.101:5140' - Wrong password
[2014-03-24 21:15:23] NOTICE[18393] chan_sip.c: Registration from '"X-Lite"<sip:1000@192.168.1.242>' failed for '192.168.1.101:5140' - Wrong password
[2014-03-24 21:15:25] NOTICE[18393] chan_sip.c: Registration from '"X-Lite"<sip:1000@192.168.1.242>' failed for '192.168.1.101:5140' - Wrong password
[2014-03-24 21:15:27] NOTICE[18393] chan_sip.c: Registration from '"X-Lite"<sip:1000@192.168.1.242>' failed for '192.168.1.101:5140' - Wrong password


At the minimum, I would like to block IPs (failed for xx.xx.xx.xx) after the 1st wrong password attempt.
If possible, I would like to prevent blocking IPs from network 192.168.1.0

If I can get that, it would be awesome.

Re: CSF / Asterisk

Posted: 25 Mar 2014, 01:52
by Sergio
You have a PM with the rule.

Please add the rule following the readme file directions.

After you add the regex, you have to restart LFD and it will show if the rule is right or if it has an error.

Remember to create a CUSTOM3_LOG in your CSF configuration with the /var/log/asterisk/messages

Re: CSF / Asterisk

Posted: 25 Mar 2014, 02:49
by simon templar
Thank you - I will try tomorrow during the day.

Re: CSF / Asterisk

Posted: 25 Mar 2014, 02:54
by Sergio
For the IPs that you don't want to be blocked, you will have to add them to the ALLOW IPs in CSF
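
Added example, not part of the thread and not the rule Sergio sent by PM: a `custom_line` rule in the style of CSF's regex.custom.pm for the chan_sip lines posted above, wrapped in a stand-alone harness so it can be tested before LFD is restarted. The `%globlogs` stub, the rule id `asterisksip`, the trigger level 3, the `5060;udp` port value and the sample IP addresses are assumptions; the six return values follow the layout described in the comments of the regex.custom.pm file shipped with CSF.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stub for the hash lfd fills from csf.conf (assumed: CUSTOM3_LOG is set to this file).
our %globlogs = (CUSTOM3_LOG => { "/var/log/asterisk/messages" => 1 });

sub custom_line {
    my ($line, $lgfile) = @_;
    # Greedy .* plus the end-of-line anchor: the captured IP is always the one
    # Asterisk appends itself, never text taken from the client-supplied From header.
    if ($globlogs{CUSTOM3_LOG}{$lgfile} and $line =~
        /^\[[^\]]+\] NOTICE\[\d+\] chan_sip\.c: Registration from '.*' failed for '(\d+\.\d+\.\d+\.\d+):\d+' - Wrong password\s*$/) {
        # description, IP, rule id, trigger level, ports, 1 = permanent block
        return ("Failed SIP registration from", $1, "asterisksip", "3", "5060;udp", "1");
    }
    return 0;
}

# Constructed sample lines modelled on the ones posted in the thread.
my @sample = (
    q{[2014-03-24 21:15:18] NOTICE[18393] chan_sip.c: Registration from '"X-Lite"<sip:1000@192.168.1.242>' failed for '203.0.113.7:5140' - Wrong password},
    q{[2014-03-24 21:15:22] NOTICE[18393] chan_sip.c: Registration from '"X-Lite"<sip:1000@192.168.1.242>' failed for '203.0.113.7:5140' - Wrong password},
    # From text imitating the failure suffix; the rule must still report 203.0.113.7.
    q{[2014-03-24 21:15:23] NOTICE[18393] chan_sip.c: Registration from '"a' failed for '198.51.100.9:5060' - Wrong password"<sip:1000@192.168.1.242>' failed for '203.0.113.7:5140' - Wrong password},
    # Unrelated NOTICE line that must not match.
    q{[2014-03-24 21:15:30] NOTICE[18393] chan_sip.c: Peer '1000' is now Reachable},
);

# Count matches per IP the way a trigger level would, and report the threshold.
my %hits;
for my $line (@sample) {
    my ($text, $ip, $app, $trigger, $ports, $perm) =
        custom_line($line, "/var/log/asterisk/messages");
    next unless $ip;
    $hits{$ip}++;
    print "$text $ip ($hits{$ip}/$trigger)",
        ($hits{$ip} == $trigger ? " -> block on $ports\n" : "\n");
}
```

Only the `custom_line` sub belongs in regex.custom.pm; the stub and the loop exist to exercise the pattern against log lines offline.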