On 16.10.19 08:53, Juha Heinanen wrote:
Yuriy Gorlichenko writes:
Looks like no, because the connection must be established for handling it in the config file. This error is fired by the SSL library during the negotiation process.
But you can try tcpdump; at least you will see who tries to establish the connection.
Yes, I could do that, but I would rather get the IP address to syslog so that I could fail2ban it.
Probably the IP address can be printed in that log message from the C code; at that level the TCP connection structure (associated with the TLS session) should be filled in with the source IP and destination IP. Obviously it requires patching the code -- I can do it during the next two days, if this solution helps.
Cheers, Daniel