Home Forums SecAst (Security for Asterisk) Configuration & Optimization SecAst ignoring attacker

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • Customer Inquiry
    Participant
    November 27, 2016 at 6:05 pm
    Post count: 201
    #6422

    I have set SecAst to use the Asterisk security log to get notifications of account authentication errors, and SecAst is ignoring or not responding to an intrusion attempt. In the SecAst log file I see a message like:

    Asterisk, IP ” on IP watch list with X potential intrusion attempts

    What is wrong?

    Telium Support Group
    Moderator
    November 27, 2016 at 6:56 pm
    Post count: 263
    #6626

    The most likely cause is that Asterisk is not providing enough information about an account violation.

    If you are running Asterisk 13 or later, then you should tell SecAst to use the AMI for talking to Asterisk (don’t use a security log file). This exposes a lot more information to SecAst.

    If you must use the Asterisk log file, please send that log file and the SecAst log file to support for assistance in identifying the attack type and adjusting your setting to recognize the attack.

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.