[asterisk-users] A new hack?
john Millican
john at millican.us
Fri Dec 2 13:45:16 CST 2011
On 12/2/2011 12:44 PM, Steve Edwards wrote:
> On Fri, 2 Dec 2011, Jim Lucas wrote:
>
>> How is using Fail2Ban less resource intensive then me writing (by
>> hand) iptable rules?
>
> It depends on how you define resources and how much of those resources
> you have.
>
> Gordon (based on my understanding of his posts) does a lot of Asterisk
> systems on very limited hardware hosts. His approach uses iptables
> features to limit the number of SIP INVITES and REGISTERS per second
> per IP address.
>
> Thus, Gordon's approach is more responsive (since it doesn't require
> periodic log file scanning) and requires less hardware resources
> (since it doesn't depend on running relatively 'slothish' resource
> intensive script interpreters like Perl or PHP periodically).
>
> If you have limited admin skills and more hardware resources, F2B
> makes sense.
>
> If you have more admin skills and limited hardware resources, Gordon's
> approach makes more sense.
>
> Personally, I find any approach that tracks log files 'hackish' but if
> you centralize your logging (which I always do) it does allow you to
> detect patterns of abuse across multiple hosts.
>
Now this, I would say was very well put.
As always, just my opinion.
JohnM
More information about the asterisk-users
mailing list