Steve Totaro wrote:
> For security, how about an authentication retry setting in the sip
> configuration? After X amounts of failed auth or registration
> attempts, block IP for Y amount of time. It would seem fairly easy to
> do using realtime with DB entries for IP blocks and expiration. Then
> a quick query of the same tables would allow an admin to put in
> permanent rules on a firewall or ACL and also contact that ISP's abuse
> dept.
I was recently introduced to fail2ban. It's a nice tool that will watch
log files and when it notices too many failed authentication attempts
(SSH, FTP, Password protected web sites, asterisk) it will run an
iptables or shorewall command to block the offending IP address for a
certain amount of time.
It also has the option to send an email to let me know when someone got
themselves banned.
I've found this tool to be quite handy.
Really no need to reinvent the wheel by incorporating it's functionality
into asterisk. Plus it's always better to block unwanted traffic before
it even gets to the application.
That's my two cents anyway...
Trevor
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
AstriCon 2008 - September 22 - 25 Phoenix, Arizona
Register Now: http://www.astricon.net
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
[Home]
[Open H.323]
[Gnu Gatekeeper]
[Info Cyrus]
[ALSA User]
[Fedora Linux Users]
[DCCP]
[Gimp]
[100% Free Online Dating]
[Yosemite News]
[Yosemite Photos]
[Deep Creek Hot Springs]
[Yosemite Campsites]
[Building Telephony Systems with Asterisk]
[ISDN Cause Codes]
