Asterisk 11.5 + Fail2Ban

I know that I have not talked about Asterisk here before or Ubuntu for that matter. But since I just did this and it’s still fresh, I decided to put it here.

Since you are here, I assume that you have Asterisk already installed. If not, I will make a tutorial on how to install it soon.

I have Ubuntu Server, and I have been monitoring my Asterisk 11.5 to see if anyone is trying to hack into it. Sure enough, I see these logs.

This is from /var/log/asterisk/messages:

[2014-02-20 19:55:37] NOTICE[3241][C-00000001]: chan_sip.c:25282 handle_request_invite: Failed to authenticate device 1400<sip:1400@[LOCAL_IP]:[PORT]>;tag=518abf5e
[2014-02-20 19:55:38] NOTICE[3241][C-00000002]: chan_sip.c:25282 handle_request_invite: Failed to authenticate device 1400<sip:1400@[LOCAL_IP]:[PORT]>;tag=a92be084
[2014-02-20 19:55:39] NOTICE[3241][C-00000003]: chan_sip.c:25282 handle_request_invite: Failed to authenticate device 1400<sip:1400@[LOCAL_IP]:[PORT]>;tag=514495fb

If you look at these entries, they show only the local IP and not the real source IP. To get the source IP, we need to enable the security logs.
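An added example, not code from the original post: a Python parser for the NOTICE lines above that flags bursts of failed INVITE authentications per extension and shows that, once the server's own address is excluded, these lines leave no source IP to ban. The sample lines are constructed, with 192.0.2.10 and 5060 standing in for the redacted [LOCAL_IP] and [PORT]; the function names and the threshold of 3 failures in 60 seconds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the format shown above; 192.0.2.10 stands in
# for the redacted [LOCAL_IP] and 5060 for [PORT].
SAMPLE_LOG = """\
[2014-02-20 19:55:37] NOTICE[3241][C-00000001]: chan_sip.c:25282 handle_request_invite: Failed to authenticate device 1400<sip:1400@192.0.2.10:5060>;tag=518abf5e
[2014-02-20 19:55:38] NOTICE[3241][C-00000002]: chan_sip.c:25282 handle_request_invite: Failed to authenticate device 1400<sip:1400@192.0.2.10:5060>;tag=a92be084
[2014-02-20 19:55:39] NOTICE[3241][C-00000003]: chan_sip.c:25282 handle_request_invite: Failed to authenticate device 1400<sip:1400@192.0.2.10:5060>;tag=514495fb
[2014-02-20 20:10:02] NOTICE[3241][C-00000004]: chan_sip.c:25282 handle_request_invite: Failed to authenticate device 1401<sip:1401@192.0.2.10:5060>;tag=0c1d2e3f
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\](?:\[C-[0-9a-f]+\])?: "
    r"chan_sip\.c:\d+ handle_request_invite: Failed to authenticate device "
    r"(?P<device>[^<]*)<sip:(?P<user>[^@>]+)@(?P<host>[^:>]+)(?::(?P<port>\d+))?>"
)

def parse_failures(text):
    """Return one dict per failed-INVITE line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(ev)
    return events

def find_bursts(events, max_failures=3, window=timedelta(seconds=60)):
    """Users with at least max_failures failures inside one sliding window."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev["ts"])
    flagged = set()
    for user, stamps in by_user.items():
        stamps.sort()
        if any(b - a <= window for a, b in zip(stamps, stamps[max_failures - 1:])):
            flagged.add(user)
    return flagged

def bannable_hosts(events, local_addrs):
    """Hosts seen in the log that are not the server itself (ban candidates)."""
    return {ev["host"] for ev in events} - set(local_addrs)

if __name__ == "__main__":
    evs = parse_failures(SAMPLE_LOG)
    print(find_bursts(evs), bannable_hosts(evs, {"192.0.2.10"}))
```

On the sample input the burst against extension 1400 is detected, but the set of ban candidates is empty, which is the gap the security log is meant to close.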
