[asterisk-users] lock SIP Account after too many failed logins
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Jan 12 04:34:46 CST 2009
Dave Platt schrieb:
>> Bad plan? Could quite easily turn into a DoS.
>
> If the reaction is to lock the account, I agree, it might
> leave you prone to a denial-of-service attack.
>
> A better way would be to use iptables to start dropping
> packets from the IP address(es) involved in the attack... this
> will still allow the legitimate user of the account to access
> it.
TRUE.
> The block-IP-address-only method won't defend effectively
> against a "slow scan" botnet-based crack attempt, where each
> password-guessing attempt comes from a different IP address
> in the botnet. A lot of current SSH password-guess probes are
> of this sort. I don't think there's any terribly good defense
> against this except to select *good* passwords - e.g. 20 or more
> alphanumeric characters selected by a good random-number generator.
I second that.
thanks
klaus
More information about the asterisk-users
mailing list