[asterisk-users] Remodified Asterisk brute force blockers..

J. Oquendo sil at infiltrated.net
Mon Apr 30 06:43:51 MST 2007


Top of the morning all... So I reworked the pseudo IDS/Brute Force 
Asterisk script for those who want to either use it, or use it as a 
baseline to build a better one...

The script now does a few things... It logs those with password issues, 
and blocks them as well. This was done to ensure that a remote user who 
was blocked can be found in the log. E.g., Sally the homemaker keeps 
fiddling with her ATA or phone... Toasts her password... She will be 
blocked, and her username and IP address will be logged in the home 
directory of the admin running the script. This was done to ensure you 
don't go blowing away legitimate 
(011100110111010001110101011100000110100101100100 / PEBKAC) users. It 
also double checks the entries to make sure no one is injecting false 
parameters into Asterisk which would log say... Your own domain...

Some may need to tweak their columns under awk... Test before using on a 
production machine... Works fine for me under Debian and FC5, results 
may vary so test it on your own. If you have to ask about what it does, 
please don't use it... Comments on the awk/sed/grep nightmare... Fire 
away... It was started as a one-liner that spiraled out of control.

http://www.infiltrated.net/scripts/ashtray

-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g' 

"Wise men talk because they have something to say;
fools, because they have to say something." -- Plato
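
A sketch of the log-and-block pass and the double check described in the message above, as an added example that is not the ashtray script or any code from the post. It assumes the chan_sip "Registration from ... failed for ... - Wrong password" log line; the sample log, the allowlisted addresses and the threshold are constructed, and it only reports offenders rather than applying a firewall rule.

```shell
#!/bin/sh
# Added example, not the ashtray script. Log line format is an assumption.
THRESHOLD=2                    # failures before an address is reported (assumed)
ALLOW="192.0.2.1 192.0.2.2"    # constructed: own addresses that must never be blocked

# Constructed sample log; the lines at 06:41:30 carry look-alike text in the From field.
sample_log() {
cat <<'EOF'
[Apr 30 06:40:01] NOTICE[2101] chan_sip.c: Registration from '"sally" <sip:sally@198.51.100.7>' failed for '203.0.113.45' - Wrong password
[Apr 30 06:40:09] NOTICE[2101] chan_sip.c: Registration from '"sally" <sip:sally@198.51.100.7>' failed for '203.0.113.45' - Wrong password
[Apr 30 06:41:10] NOTICE[2101] chan_sip.c: Registration from '<sip:100@198.51.100.7>' failed for '203.0.113.99' - Wrong password
[Apr 30 06:41:30] NOTICE[2101] chan_sip.c: Registration from '<sip:x' failed for '192.0.2.1' - Wrong password@198.51.100.7>' failed for '203.0.113.77' - Wrong password
[Apr 30 06:41:31] NOTICE[2101] chan_sip.c: Registration from '<sip:x' failed for '192.0.2.1' - Wrong password@198.51.100.7>' failed for '203.0.113.77' - Wrong password
[Apr 30 06:42:00] NOTICE[2101] chan_sip.c: Registration from '<sip:101@198.51.100.7>' failed for '192.0.2.1' - Wrong password
[Apr 30 06:42:02] NOTICE[2101] chan_sip.c: Registration from '<sip:101@198.51.100.7>' failed for '192.0.2.1' - Wrong password
EOF
}

# Reads an Asterisk log on stdin and prints "ip count user" per offender.
offenders() {
    # Match anchored at the END of the line: the peer address is the last
    # quoted field, while the From header earlier in the line is supplied by
    # the remote side and cannot be trusted by column position.
    sed -n "s/^.*Registration from '\(.*\)' failed for '\([0-9.][0-9.]*\)' - Wrong password\$/\2 \1/p" |
    awk -v max="$THRESHOLD" -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        ip = $1
        # Accept only a dotted quad with every octet in 0-255.
        if (split(ip, o, ".") != 4) next
        for (i = 1; i <= 4; i++) if (o[i] !~ /^[0-9]+$/ || o[i] > 255) next
        if (ip in ok) next                      # never report our own hosts
        # Keep the username only if it is a plain token, otherwise log "?".
        user = "?"
        if (match($0, /sip:[A-Za-z0-9._-]+@/)) user = substr($0, RSTART + 4, RLENGTH - 5)
        count[ip]++; who[ip] = user
    }
    END { for (ip in count) if (count[ip] >= max) print ip, count[ip], who[ip] }' |
    LC_ALL=C sort
}

sample_log | offenders
```

The output lines can be appended to a log in the admin's home directory and reviewed before any address is handed to a firewall.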

