Talk:Failregex

From Fail2ban

Hi, I just spent my evening finding a ban rule against an Asterisk attack I got earlier this month. I saw that other people have been attacked this way and want to share this with the world.


 [2010-10-04 08:06:26] VERBOSE[11136] logger.c: -- Executing [90115372042516@from-sip-external:2] Set("SIP/113.105.152.53-0916b1a0", "DID=90115372042516") in new stack
 [2010-10-04 08:06:26] VERBOSE[11136] logger.c: -- Executing [90115372042516@from-sip-external:3] Goto("SIP/113.105.152.53-0916b1a0", "s|1") in new stack
 [2010-10-04 08:06:26] VERBOSE[11136] logger.c: -- Goto (from-sip-external,s,1)
 [2010-10-04 08:06:26] VERBOSE[11136] logger.c: -- Executing [s@from-sip-external:1] GotoIf("SIP/113.105.152.53-0916b1a0", "1?from-trunk|90115372042516|1") in new stack
 [2010-10-04 08:06:26] VERBOSE[11136] logger.c: -- Goto (from-trunk,90115372042516,1)
 [2010-10-04 08:06:26] WARNING[11136] pbx.c: Channel 'SIP/113.105.152.53-0916b1a0' sent into invalid extension '90115372042516' in context 'from-trunk', but no invalid handler]
 [2010-10-04 08:06:26] VERBOSE[11137] logger.c: -- Executing [0015372042516@from-sip-external:1] NoOp("SIP/113.105.152.53-095f0ff8", "Received incoming SIP connection from unknown peer to 0015372042516") in new stack


I added this regex in asterisk.conf:


WARNING.* .*: Channel 'SIP/<HOST>-.* sent into invalid extension .*

Thanks for all the good work! Wimus
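
The failregex posted above, checked against three of the quoted log lines. This is an added example, not part of the original post and not Fail2ban's own code; the `<HOST>` expansion is a simplified IPv4-only stand-in (an assumption) and the function names are hypothetical.

```python
import re
from collections import Counter

# failregex exactly as posted above.
FAILREGEX = r"WARNING.* .*: Channel 'SIP/<HOST>-.* sent into invalid extension .*"

# Simplified stand-in for fail2ban's <HOST> tag (assumption): IPv4 only,
# captured in a group named "host".
HOST_IPV4 = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"

# Three of the log lines quoted in the post.
SAMPLE_LOG = [
    '[2010-10-04 08:06:26] VERBOSE[11136] logger.c: -- Executing [90115372042516@from-sip-external:2] Set("SIP/113.105.152.53-0916b1a0", "DID=90115372042516") in new stack',
    "[2010-10-04 08:06:26] WARNING[11136] pbx.c: Channel 'SIP/113.105.152.53-0916b1a0' sent into invalid extension '90115372042516' in context 'from-trunk', but no invalid handler]",
    '[2010-10-04 08:06:26] VERBOSE[11137] logger.c: -- Executing [0015372042516@from-sip-external:1] NoOp("SIP/113.105.152.53-095f0ff8", "Received incoming SIP connection from unknown peer to 0015372042516") in new stack',
]

def compile_failregex(failregex):
    """Expand the <HOST> tag and compile; a rule without <HOST> is rejected."""
    if "<HOST>" not in failregex:
        raise ValueError("failregex must contain a <HOST> tag")
    return re.compile(failregex.replace("<HOST>", HOST_IPV4))

def count_failures(lines, failregex=FAILREGEX):
    """Return a Counter of source address -> number of matching log lines."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits

def hosts_over_threshold(lines, maxretry, failregex=FAILREGEX):
    """Addresses whose failure count reaches maxretry (the ban threshold)."""
    counts = count_failures(lines, failregex)
    return sorted(host for host, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for host, n in count_failures(SAMPLE_LOG).items():
        print(f"{host}: {n} matching line(s)")
```

Only the WARNING line counts as a failure; the VERBOSE lines carry the same address but do not match. On a live system, `fail2ban-regex` performs the same check against the real log and filter file.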