[asterisk-dev] auto blacklisting "script kiddies"

Steve Kennedy steve-asterisk at gbnet.net
Thu Apr 26 08:16:35 MST 2007


On Thu, Apr 26, 2007 at 05:26:01PM +0300, Tzafrir Cohen wrote:

[snip]
> Blocking is better done by the firewall. There are already a number of
> programs that adapt the firewall or do whatever custom operation based on
> certain conditions in the log.
> Also: how simple is it to spoof a single packet for the purpose of
> banning an IP address? e.g.: me spoofing a false packet from your IP
> address to Gizmo.
> Are Asterisk's logs well-suited for automated parsing by log parsers?

I'm suggesting it's done by Asterisk so logs wouldn't be parsed; as, say,
a SIP registration came in, that would be checked. It's not to protect
against a well-organised attack, just script kiddie brute
force/dictionary.


Steve

-- 
NetTek Ltd  UK mob +44-(0)7775 755503
UK +44-(0)20 79932612 / US +1-(310)8577715 / Fax +44-(0)20 7483 2455
Skype/GoogleTalk/AIM/Gizmo/Mac stevekennedyuk / MSN steve at gbnet.net
Euro Tech News Blog http://eurotechnews.blogspot.com
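
The in-process check described in the message above, as an added example that is not part of the original post and is not Asterisk code: failed SIP registrations are counted per source address, and an address is blocked for a limited time once enough failures fall inside a short window. The function names, thresholds and table size are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_PEERS    64   /* tracked source addresses (assumed table size) */
#define MAX_FAILURES 5    /* failures inside WINDOW_SECS that trigger a block (assumed) */
#define WINDOW_SECS  60
#define BLOCK_SECS   600  /* blocks expire, so a wrongly blocked address recovers */

struct peer {
    char   addr[46];              /* textual IPv4/IPv6 source address */
    time_t fails[MAX_FAILURES];   /* ring of the most recent failure times, 0 = unused */
    int    next;                  /* ring slot the next failure overwrites */
    time_t blocked_until;
};
static struct peer peers[MAX_PEERS];

static struct peer *find_peer(const char *addr, int create) {
    struct peer *free_slot = NULL;
    for (int i = 0; i < MAX_PEERS; i++) {
        if (strcmp(peers[i].addr, addr) == 0) return &peers[i];
        if (!free_slot && peers[i].addr[0] == '\0') free_slot = &peers[i];
    }
    if (!create || !free_slot) return NULL;
    snprintf(free_slot->addr, sizeof(free_slot->addr), "%s", addr);
    return free_slot;
}

/* Checked as a REGISTER arrives: 1 means reject it without authenticating. */
int is_blocked(const char *addr, time_t now) {
    struct peer *p = find_peer(addr, 0);
    return p != NULL && now < p->blocked_until;
}

/* Called after a REGISTER fails authentication; returns 1 if addr is now blocked. */
int register_failed(const char *addr, time_t now) {
    struct peer *p = find_peer(addr, 1);
    if (!p) return 0;                    /* table full: fail open rather than block */
    p->fails[p->next] = now;
    p->next = (p->next + 1) % MAX_FAILURES;
    time_t oldest = p->fails[p->next];   /* oldest of the last MAX_FAILURES failures */
    /* Block only when MAX_FAILURES failures all fall inside the window, so a
       single bad packet attributed to an address never blocks it. */
    if (oldest != 0 && now - oldest <= WINDOW_SECS)
        p->blocked_until = now + BLOCK_SECS;
    return now < p->blocked_until;
}
```

A caller would test `is_blocked()` before processing a registration and call `register_failed()` only when authentication fails; the threshold and the expiring block limit, but do not remove, the spoofing risk raised in the quoted text.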

