Well, this new type of hack is really something.
16 attempts with no IP recorded, so it's not even possible to write a Fail2ban rule.
I don't know what the hacker gets back as an echo, but on the 17th attempt he places calls without any problem.
Really starving people, all that to call a nasty special number that pays poorly (naturally, I've blocked everything above 20 cents).
Apr 2 17:49:14 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.com' rejected because extension not found.
Apr 2 17:49:15 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.com' rejected because extension not found.
Apr 2 17:49:16 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxx' rejected because extension not found.
Apr 2 17:49:16 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxx' rejected because extension not found.
Apr 2 17:49:16 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEt' rejected because extension not found.
Apr 2 17:49:16 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEt' rejected because extension not found.
Apr 2 17:49:17 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEttype=peer' rejected because extension not found.
Apr 2 17:49:17 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEttype=peerinsecure=very' rejected because extension not found.
Apr 2 17:49:17 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEttype=peer' rejected because extension not found.
Apr 2 17:49:17 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEttype=peerinsecure=very' rejected because extension not found.
Apr 2 17:49:17 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEttype=peerinsecure=veryfromuser=xxxx' rejected because extension not found.
Apr 2 17:49:17 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEttype=peerinsecure=veryfromuser=xxxx' rejected because extension not found.
Apr 2 17:49:17 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEttype=peerinsecure=veryfromuser=xxxxqualify= no' rejected because extension not found.
Apr 2 17:49:17 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEttype=peerinsecure=veryfromuser=xxxxqualify= no' rejected because extension not found.
Apr 2 17:49:17 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEttype=peerinsecure=veryfromuser=xxxxqualify= nonat=yes' rejected because extension not found.
Apr 2 17:49:17 ns asterisk[15742]: NOTICE[15757]: chan_sip.c:15146 in handle_request_invite: Call from 'xxxx' to extension 'host=domain.comusername=xxxxsecret=SupxXEr10-*SecrEttype=peerinsecure=veryfromuser=xxxxqualify= nonat=yes' rejected because extension not found.
Any idea about the method?
For my part, I'm thinking of no longer taking customer accounts without a fixed IP; login/password accounts are unmanageable.
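
A log check for the pattern in the lines above, as an added example that is not part of the original post: it flags rejected INVITEs whose extension field carries chan_sip peer options (host=, username=, secret=, ...) and marks those where a secret= value was written to the log. These lines carry no source IP, so the check can only alert, not ban; the sample lines and the EXAMPLE-SECRET value are constructed.

```python
import re

# Peer option names seen concatenated in the extension field of the log above.
PEER_KEYS = ("host", "username", "secret", "type", "insecure",
             "fromuser", "qualify", "nat")

LINE_RE = re.compile(
    r"handle_request_invite: Call from '(?P<caller>[^']*)' to extension "
    r"'(?P<ext>[^']*)' rejected because extension not found\.")
KEY_RE = re.compile(r"(%s)\s*=" % "|".join(PEER_KEYS))

PREFIX = ("Apr 2 17:49:14 ns asterisk[15742]: NOTICE[15757]: "
          "chan_sip.c:15146 in handle_request_invite: ")
# Constructed sample lines modelled on the post; the secret is a placeholder.
SAMPLE = [
    PREFIX + "Call from 'xxxx' to extension 'host=domain.com' "
             "rejected because extension not found.",
    PREFIX + "Call from 'xxxx' to extension "
             "'host=domain.comusername=xxxxsecret=EXAMPLE-SECRETtype=peer' "
             "rejected because extension not found.",
    PREFIX + "Call from 'xxxx' to extension '0033123456789' "
             "rejected because extension not found.",
]

def scan(lines):
    """One finding per rejected INVITE whose extension holds peer options."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue
        keys = []
        for key in KEY_RE.findall(m.group("ext")):
            if key not in keys:          # keep first-seen order, no repeats
                keys.append(key)
        if keys:
            findings.append({"line": n, "caller": m.group("caller"),
                             "keys": keys,
                             # a logged secret= means the password needs rotating
                             "secret_logged": "secret" in keys})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE):
        note = " (secret written to log)" if f["secret_logged"] else ""
        print("line %d: caller=%s keys=%s%s"
              % (f["line"], f["caller"], ",".join(f["keys"]), note))
```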