Fail2ban not banning wrong password attempts

Hi, noticed a lot of password failures in CLI. iptables -nL shows nothing banned:

Chain fail2ban-SIP (2 references)
target prot opt source destination
RETURN all –
RETURN all –

Code in /etc/fail2ban/jail.local seems right:

enabled = true
filter = asterisk-security
action = iptables-allports[name=SIP, protocol=all]
sendmail[name=SIP, [email protected], [email protected]]
logpath = /var/log/asterisk/fail2ban

Running fail2ban-regex /var/log/asterisk/fail2ban /etc/fail2ban/filter.d/asterisk-security.conf to see if there are matches and there are 1508 matches with the exact same RemoteAddress:

No ‘host’ found in '[] SECURITY[2339] res_security_log.c: SecurityEvent=“InvalidPassword”,EventTV=“2016-03-29T08:54:22.526-0400”,Severity=“Error”,Service=“SIP”,EventVersion=“2”,AccountID=“1355”,SessionID=“0xb8e9a54”,LocalAddress=“IPV4/UDP/”,RemoteAddress=“IPV4/UDP/”,Challenge=“63943eaf”,ReceivedChallenge=“63943eaf”,ReceivedHash=“9f886d762c3adc2b47c4edfc326f9f60”

Is fail2ban running?
root 21150 1.7 0.3 180588 6576 ? Sl 08:34 0:42 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock

What might be causing fail2ban not banning?



I’ve seen the same thing here on several (current version) builds. The new ‘firewall’ feature also seems unable to detect these type of attacks.




Looking at the above I would imagine your issue is the **
**** is not a valid host