[asterisk-users] A new hack?

Steve Edwards asterisk.org at sedwards.com
Fri Dec 2 11:44:24 CST 2011


On Fri, 2 Dec 2011, Jim Lucas wrote:

> How is using Fail2Ban less resource intensive than me writing (by hand) 
> iptables rules?

It depends on how you define resources and how much of those resources you 
have.

Gordon (based on my understanding of his posts) does a lot of Asterisk 
systems on very limited hardware hosts. His approach uses iptables 
features to limit the number of SIP INVITES and REGISTERS per second per 
IP address.

Thus, Gordon's approach is more responsive (since it doesn't require 
periodic log file scanning) and requires fewer hardware resources (since it 
doesn't depend on running relatively 'slothish', resource-intensive script 
interpreters like Perl or PHP periodically).

If you have limited admin skills and more hardware resources, F2B makes 
sense.

If you have more admin skills and limited hardware resources, Gordon's 
approach makes more sense.

Personally, I find any approach that tracks log files 'hackish' but if you 
centralize your logging (which I always do) it does allow you to detect 
patterns of abuse across multiple hosts.

-- 
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
Newline                                              Fax: +1-760-731-3000
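
The per-source-IP rate limiting of SIP REGISTERs and INVITEs described in the message above, sketched as an added example: it is not from the original post and is not Gordon's actual rule set, which this message does not show. It assumes the iptables `string` and `hashlimit` match modules and SIP on UDP port 5060; the chain name and thresholds are constructed for illustration.

```shell
#!/bin/sh
# Emits iptables commands on stdout instead of applying them, so the rule
# set can be reviewed before it touches a live firewall.

SIP_PORT=5060        # assumption: SIP signalling on UDP 5060
CHAIN=SIP_LIMIT      # hypothetical chain name

# sip_limit_rule METHOD RATE BURST
# Drop SIP requests of METHOD from any single source IP that exceeds RATE
# (after an initial allowance of BURST packets). The string match only
# looks near the start of the packet, where the request line sits.
sip_limit_rule() {
    method=$1
    rate=$2
    burst=$3
    printf '%s\n' "iptables -A $CHAIN -m string --algo bm --to 65 --string \"$method sip:\" -m hashlimit --hashlimit-name sip_$method --hashlimit-mode srcip --hashlimit-above $rate --hashlimit-burst $burst --hashlimit-htable-expire 60000 -j DROP"
}

# sip_limit_rules REG_RATE REG_BURST INV_RATE INV_BURST
# Full rule set: a dedicated chain, one limit per method, and a jump from
# INPUT so that only SIP traffic pays for the string inspection.
sip_limit_rules() {
    echo "iptables -N $CHAIN"
    sip_limit_rule REGISTER "$1" "$2"
    sip_limit_rule INVITE "$3" "$4"
    echo "iptables -I INPUT -p udp --dport $SIP_PORT -j $CHAIN"
}

# Constructed thresholds: 2 REGISTERs/s and 5 INVITEs/s per source address.
sip_limit_rules 2/second 5 5/second 10
```

The kernel enforces these limits per packet, with no log scanning or interpreter involved, which is the trade-off the message describes. After review, the output can be piped to `sh` as root.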


