[asterisk-users] The S word: Asterisk security
Trevor Peirce
tpeirce at digitalcon.ca
Tue Jul 8 23:34:44 CDT 2008
Steve Totaro wrote:
> For security, how about an authentication retry setting in the sip
> configuration? After X amounts of failed auth or registration
> attempts, block IP for Y amount of time. It would seem fairly easy to
> do using realtime with DB entries for IP blocks and expiration. Then
> a quick query of the same tables would allow an admin to put in
> permanent rules on a firewall or ACL and also contact that ISP's abuse
> dept.
I was recently introduced to fail2ban. It's a nice tool that will watch
log files and when it notices too many failed authentication attempts
(SSH, FTP, Password protected web sites, asterisk) it will run an
iptables or shorewall command to block the offending IP address for a
certain amount of time.
It also has the option to send an email to let me know when someone got
themselves banned.
I've found this tool to be quite handy.
Really no need to reinvent the wheel by incorporating it's functionality
into asterisk. Plus it's always better to block unwanted traffic before
it even gets to the application.
That's my two cents anyway...
Trevor
More information about the asterisk-users
mailing list