[asterisk-users] Find a way to block brute force attacks.
Gareth Blades
list-asterisk at skycomuk.com
Tue Jun 29 10:12:42 CDT 2010
Rodrigo Lang wrote:
> Hello list.
>
> I'm trying to find a way to block any ip that tries to login more than
> three times with the wrong password and try to log in three different
> extensions. For I have suffered some brute force attacks on my asterisk
> in the morning period.
>
> The idea would be: Any ip with three attempts without success to log
> into an extension is blocked.
>
> Is there any way to accomplish this directly by the asterisk? Or is
> there some kind of asterisk spit this information via the AMI?
>
> I was wondering to make a Java program to listen to the AMI and create a
> rule in iptables for ip in specific.
>
> Does anyone have any suggestions?
>
>
> Thanks,
> Rodrigo Lang.
>
Does asterisk log the failed attempts to a file?
If so then you could use sshblack to monitor the file for incorrect
logins. It will add firewalls rules to a custom iptables chain based on
various criteria. You can then point incoming SIP connections through
this chain so offenders will be forewalled for a specific amount of time.
http://www.pettingers.org/code/sshblack.html
More information about the asterisk-users
mailing list