[asterisk-users] Security - What inbound variables can attackers populate or use when calling?

Warren Selby wcselby at selbytech.com
Fri Aug 6 23:35:04 CDT 2010


On Fri, Aug 6, 2010 at 10:53 PM, <jwexler at mail.usa.com> wrote:

> Someone from Amsterdam was trying to register yesterday using an automated
> program which tried roughly 1,000 or so username/password combinations
> before I shut Asterisk down and added his/her IP to iptables to drop it. I
> wonder if I can configure the system to automatically detect such an attack
> in progress (e.g., 1,000+ registration failures from the same IP is an
> ‘attack’) and add the IPs to iptables, hosts.deny, etc. on the fly. That might
> be another topic I guess?
>
>
Use fail2ban.  Also, read some of the security advisories from earlier this
year about being sure to always use a FILTER statement whenever you're
dialing using a variable (most notably ${EXTEN}).
http://downloads.asterisk.org/pub/security/AST-2010-002.html

-- 
Thanks,
--Warren Selby
http://www.selbytech.com
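
The per-address failure counting that a tool like fail2ban automates, sketched as an added example that is not part of the original post or of fail2ban itself. It assumes Asterisk logs with `dateformat=%F %T` timestamps in logger.conf; the function names, threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# chan_sip failure notice. The From header is caller-supplied text, so the greedy
# '.*' keeps the address that Asterisk itself appended at the end of the line.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+NOTICE\[\d+\].*?chan_sip\.c: Registration from '.*' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def find_offenders(lines, max_failures=5, window=timedelta(minutes=10)):
    """Map each source IP to the time it reached max_failures inside the window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not a registration failure
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        seen = recent[m["ip"]]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()        # forget failures older than the window
        if len(seen) >= max_failures:
            offenders.setdefault(m["ip"], ts)
    return offenders

def _line(ts, ip, user, reason="Wrong password"):
    """Build one constructed log line (sample data, not from the original post)."""
    return (f"[{ts}] NOTICE[2101] chan_sip.c: Registration from "
            f"'\"{user}\" <sip:{user}@192.0.2.1>' failed for '{ip}' - {reason}")

SAMPLE_LOG = (
    # automated guessing: six failures in ten seconds
    [_line(f"2010-08-06 21:00:{s:02d}", "203.0.113.7", 100 + s) for s in range(0, 12, 2)]
    # a user mistyping a password twice
    + [_line(f"2010-08-06 21:0{m}:00", "198.51.100.23", 201) for m in (5, 6)]
    # five failures, but spread one hour apart
    + [_line(f"2010-08-06 {h}:00:00", "192.0.2.44", 300, "No matching peer found")
       for h in range(10, 15)]
    + ["[2010-08-06 21:07:00] VERBOSE[2101] chan_sip.c: unrelated line"]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when}")
```

Only the rapid-fire source crosses the default threshold; the mistyped password and the slow, hour-apart failures stay below it, which is the trade-off to tune when choosing the retry count and window.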