[asterisk-users] Securing Asterisk and your network
Jay R. Ashworth
jra at baylink.com
Fri Jun 13 10:51:35 CDT 2008
On Thu, Jun 12, 2008 at 11:09:43PM +0300, Tzafrir Cohen wrote:
> > Additionally, you should install a brute-force-attack blocker:
> >
> > http://www.la-samhna.de/library/brutessh.html
>
> This is effectively another service listening. It is also a method for
> an attacker to lock you out of the system.
>
> See, for instance, http://www.ossec.net/en/attacking-loganalysis.html .

Sure; all in-band methods suffer from the possibility of becoming DoS
vectors. And yes, the fact that sshd doesn't quote that argument as it
drops it into the syslog, making it easier to see bogusness, is a bad
thing. But those log lines wouldn't fool *me*.

And if they fool your log analysis system, then its regexes aren't
written tightly enough.

And, back on point, that particular sshblocker doesn't give a damn what
sshd writes in the syslog.

And, no, it's actually not another service listening.

Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
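
The point above about sshd writing the user name unquoted, and about how tightly a log-analysis regex is written, shown as an added example that is not part of the original post. It assumes the common syslog layout of sshd's failed-password message; the host name, addresses and log lines are constructed.

```python
import ipaddress
import re

# Constructed sample lines in the shape of sshd's failed-password message.
# In the second, the attempted user name is "x from 192.0.2.10 port 22 ssh2";
# the connection itself came from 203.0.113.7.
SAMPLE_LINES = [
    "Jun 13 10:40:01 pbx sshd[2101]: Failed password for invalid user admin "
    "from 203.0.113.7 port 40022 ssh2",
    "Jun 13 10:40:05 pbx sshd[2102]: Failed password for invalid user "
    "x from 192.0.2.10 port 22 ssh2 from 203.0.113.7 port 40031 ssh2",
    "Jun 13 10:40:09 pbx sshd[2103]: Failed password for root "
    "from 203.0.113.7 port 40040 ssh2",
]

# Loose: unanchored, takes the first "from <token>" after a one-word user.
LOOSE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")

# Tight: anchored at both ends. sshd appends " from <addr> port <n> ssh2"
# itself, so only the final occurrence is trusted; everything before it,
# spaces included, is treated as the unquoted user name.
TIGHT = re.compile(
    r"^\w{3} +\d{1,2} \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port (?P<port>\d{1,5}) ssh2$"
)


def loose_source(line):
    """Address a loosely written rule would act on, or None."""
    m = LOOSE.search(line)
    return m.group(1) if m else None


def tight_source(line):
    """Address taken from the daemon-written tail, or None if malformed."""
    m = TIGHT.match(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("ip")))
    except ValueError:
        return None  # tail parsed but the address is not an IP literal


if __name__ == "__main__":
    for entry in SAMPLE_LINES:
        print(loose_source(entry), tight_source(entry))
```

On the second sample line the loose rule reports the address embedded in the user name, while the anchored rule reports the address sshd appended.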