On Mon, Nov 29, 2010 at 2:01 PM, Hose wrote:
> So when someone’s brute forcing your server is there a way to identify
> the originating IPs without using a tcpdump? When I get a failed auth
> on the console it shows ‘account@asteriskserver’ then tag=as25ca5023 (or
> some random string, though it’s a bit odd as alwaysauthreject = yes is
> on in sip.conf). Anyway, the logs don’t show anything more useful
> either. Is there something obvious I’m missing? Cranking up verbosity
> on the console doesn’t seem to do anything.
You can use IPTABLES to log all traffic on a port for you. Instead of
ACCEPT or DROP use LOG.