Intrusion detection blocks my home IP

For some reason my intrusion detection blocks my home IP. None of the phones at my house have incorrect credentials in them for fail2ban to block them. It would just block my house because of some SIP registration attempt coming out of my house IP, but I don’t know what it would be. I have one Sangoma, one Polycom and one Zoiper phone always connected to the PBX that is on the cloud server. I don’t want to make my house IP trusted because I want to figure out why it would block my IP. There is no reason for it to block it since it’s ONLY supposed to block when there is an incorrect login attempt. I don’t use RF for now.

Do you guys have any thoughts on this one? I would really appreciate it.

Need to pull the log of fail2ban to know the answer. Intrusion detection is only a GUI for fail2ban. In the meantime, whitelist your IP in the module. Need to restart after you put your IP in the whitelist.
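An added example, not part of the thread: one way to read the fail2ban log for a single address and see which jail issued the bans, so a `recidive` ban can be traced back to the jail that fed it. The log lines are constructed samples, `asterisk-iptables` is a placeholder jail name, and on a live system the lines would be read from the fail2ban log file (commonly `/var/log/fail2ban.log`, an assumption here).

```python
import re
from collections import Counter, defaultdict

# Loose match on the tail "[jail] Found|Ban|Unban <ip>"; the prefix
# (logger name, pid, level) varies between fail2ban versions.
EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ fail2ban\.\S+.*?"
    r"\[(?P<jail>[\w-]+)\]\s+(?P<action>Found|Ban|Unban)\s+(?P<ip>\S+)"
)

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
2017-02-20 09:14:02,101 fail2ban.filter [2211]: INFO [apache-auth] Found 203.0.113.7
2017-02-20 09:14:09,330 fail2ban.actions [2211]: NOTICE [apache-auth] Ban 203.0.113.7
2017-02-20 09:14:10,008 fail2ban.actions [2211]: NOTICE [asterisk-iptables] Ban 198.51.100.23
2017-02-20 09:44:09,512 fail2ban.actions [2211]: NOTICE [apache-auth] Unban 203.0.113.7
2017-02-20 10:02:41,777 fail2ban.actions: WARNING [apache-auth] Ban 203.0.113.7
2017-02-20 10:02:42,120 fail2ban.actions: WARNING [recidive] Ban 203.0.113.7
""".splitlines()


def events_for_ip(lines, ip):
    """Yield (timestamp, jail, action) for every fail2ban event about ip."""
    for line in lines:
        m = EVENT.match(line)
        if m and m.group("ip") == ip:
            yield m.group("ts"), m.group("jail"), m.group("action")


def summarize(lines, ip):
    """Per-jail action counts plus the jails whose bans fed recidive."""
    counts = defaultdict(Counter)
    for _ts, jail, action in events_for_ip(lines, ip):
        counts[jail][action] += 1
    # recidive bans repeat offenders seen in fail2ban's own log, so the jail
    # to investigate is whichever other jail issued the bans.
    sources = sorted(j for j, c in counts.items() if j != "recidive" and c["Ban"])
    return {j: dict(c) for j, c in counts.items()}, sources


if __name__ == "__main__":
    per_jail, sources = summarize(SAMPLE_LOG, "203.0.113.7")
    for jail, actions in per_jail.items():
        print(jail, actions)
    print("jails to investigate:", ", ".join(sources))
```

Once the source jail is known, the matching service log (web server or Asterisk) for the same timestamps shows which requests were counted as failures.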

It just blocked my home IP again. I sshed into it and it says:

Broadcast message from [email protected]
Firewall service now starting.

What could cause this issue?

These are the messages I’m getting from fail2ban

The IP … has just been banned by Fail2Ban after
20 attempts against apache-auth on .

The IP … has just been banned by Fail2Ban after
34 attempts against recidive on .

both for the same ip address.

Why are there so many attempts on apache-auth? Can somebody help figure this out? My home IP constantly gets banned by fail2ban. It’s crazy!

Why are there 34 attempts


Something on your home system is trying to log into your Web Server port and is failing. Intrusion detection? Think outside of Asterisk - this looks more like an app on your PC (or some other machine on your local network) is not getting the love it deserves.

Could be related… but there is an issue if a phone is using restapps on the remote IP, and the IP is not whitelisted in IDS and firewall then apache will trigger fail2ban to ban IP. Andrew N pushed a fix (sysadmin 13.0.74.12) to the edge track.

See: https://issues.freepbx.org/browse/FREEPBX-14266


I forgot to mention, my install is on a cloud server, so even my Sangoma s500 is considered a remote phone.

But I’ve got great news! I think I just spotted the problem!

I don’t know if this was already resolved in this forum but this is such an amazing discovery for me!

I’m currently using a desk phone at home + a soft phone on my cell phone. They are currently on the same extension. And since they are on the same extension I have set Max Contacts to 2. Apparently… this is causing a problem. As soon as the soft phone loses a connection, changes IP (which cellphones do every time they reconnect to the provider) it attempts to reregister right away. At the moment when the soft phone is trying to reregister with its new IP, Asterisk hasn’t deleted the old registration of that soft phone, so it causes the message that notifies about exceeding max retries of 2. After 3 attempts to register, fail2ban blocks that new soft phone that’s trying to register with correct credentials. Setting max contacts to 3 or even 5 to be sure solves this problem completely! This has been happening to me for so long and I finally discovered what the problem is, it’s awesome! I don’t know if this issue has been resolved on these forums but I hadn’t found anything similar, so I just wanted to give back to the community. Hope you guys find this useful.