In my logs this morning I see a hacker probing my system for DAYS now. His IP address is listed as BANNED in intrusion detection. fail2ban-status fail2ban-SIP shows his IP address. iptables -L shows REJECT for fail2ban-SIP.
Still, he is unimpeded and trying to break into my FreePBX all day long.
[2021-06-22 10:09:30] NOTICE[29779]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '"NoAuth" sip:[email protected]' failed for '213.202.233.143:53438' (callid: M8tr4gQlVqhtSfO1CitkJg…) - Failed to authenticate
Chain INPUT (policy ACCEPT)
target prot opt source destination
fpbxfirewall all -- 0.0.0.0/0 0.0.0.0/0
fail2ban-SIP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-SIP (1 references)
target prot opt source destination
REJECT all -- 45.147.231.106 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 163.172.52.210 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 188.213.212.43 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 45.153.240.109 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 45.147.231.40 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 163.172.106.157 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 163.172.107.69 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 213.202.233.143 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 129.144.24.18 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
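
iptables evaluates the rules of a chain in order and stops at the first terminating verdict (ACCEPT, DROP, REJECT), so a REJECT in fail2ban-SIP only applies to packets that an earlier jump from INPUT did not already accept. The following is an added example, not part of the original post: it parses a listing like the one above and reports whether the address is in the ban chain and which chains INPUT consults before it. The function names and the trimmed sample listing are constructed for illustration.

```python
import re

# Constructed sample: the `iptables -L -n` listing from the post, trimmed to
# the INPUT chain and two of the fail2ban-SIP entries.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fpbxfirewall  all  --  0.0.0.0/0            0.0.0.0/0
fail2ban-SIP  all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-SIP (1 references)
target     prot opt source               destination
REJECT     all  --  45.147.231.106       0.0.0.0/0   reject-with icmp-port-unreachable
REJECT     all  --  213.202.233.143      0.0.0.0/0   reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
"""

def parse_chains(listing):
    """Return {chain: [(target, source), ...]} preserving rule order."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        fields = line.split()
        # Rule rows are: target prot opt source destination [extras].
        # The column-header row starts with "target" and is skipped.
        if current is not None and len(fields) >= 5 and fields[0] != "target":
            current.append((fields[0], fields[3]))
    return chains

def audit_ban(listing, ip, ban_chain="fail2ban-SIP"):
    """Check that ip is rejected in ban_chain and list what INPUT evaluates first."""
    chains = parse_chains(listing)
    banned = any(target in ("REJECT", "DROP") and source == ip
                 for target, source in chains.get(ban_chain, []))
    input_targets = [target for target, _ in chains.get("INPUT", [])]
    if ban_chain in input_targets:
        evaluated_first = input_targets[:input_targets.index(ban_chain)]
    else:
        evaluated_first = None  # the ban chain is never reached from INPUT
    return {"banned": banned, "evaluated_first": evaluated_first}

if __name__ == "__main__":
    result = audit_ban(SAMPLE, "213.202.233.143")
    print(result)
    if result["banned"] and result["evaluated_first"]:
        print("Check these chains for ACCEPT rules matching the source:",
              ", ".join(result["evaluated_first"]))
```

Any chain reported in `evaluated_first` can be inspected with `iptables -L <chain> -n -v --line-numbers`; the packet counters show which rule the banned source's traffic is actually hitting.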