[asterisk-users] asterisk and fail2ban

Ioan Indreias indreias at gmail.com
Tue Mar 29 17:45:20 CDT 2011


Hi Gilles,

Just to provide an alternative to sshguard: you could use BFD[1]
(based on bash scripts) and configure it to use iptables to block the
attacker host.
The default configuration is to check the logs every 3 minutes
(using a crontab entry).

BFD rules for Asterisk can be found here [2] - tested on Asterisk 1.4

Our BAN command looks like:
"(/sbin/iptables -n -L | grep DROP | grep $ATTACK_HOST) ||
/sbin/iptables -I INPUT -s $ATTACK_HOST -j DROP"

HTH,
Ioan

[1] http://www.rfxn.com/projects/brute-force-detection/
[2] http://www.modulo.ro/Modulo/downloads/tools/tenora.bfd.tar.gz

On Wed, Mar 30, 2011 at 12:51 AM, Gilles <codecomplete at free.fr> wrote:
> On Tue, 29 Mar 2011 23:09:06 +0200, adamk at 3a.hu wrote:
>>On 03-29-2011 19:25, Steve Edwards wrote:
>>> Really? How many callers are you expecting from North Korea, Libya, China,
>>> Iran, etc?
>>after reviewing last week's log i'd say around 25-28k/min :)
>
> So it looks like I should check out sshguard instead of relying on
> blocks of IP's :-)

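An added example, not part of the original message or of BFD: the same check-then-insert ban written so that the "already banned?" test compares the whole source field rather than a substring, and so the address is validated before it reaches iptables. The function names, the `IPTABLES` override and the sample rule listing are assumptions made for illustration.

```shell
#!/bin/sh
IPTABLES="${IPTABLES:-/sbin/iptables}"   # overridable so the logic runs without root

# Constructed sample of `iptables -n -L INPUT` output (not from a real host).
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  203.0.113.45         0.0.0.0/0
ACCEPT     all  --  198.51.100.7         0.0.0.0/0'

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_dropped ADDR: read `iptables -n -L` output on stdin; succeed only when a
# DROP rule has ADDR as its exact source field (column 4).
is_dropped() {
    awk -v ip="$1" '$1 == "DROP" && $4 == ip { found = 1 } END { exit !found }'
}

# ban_host ADDR: validate, skip if already dropped, otherwise insert the rule.
ban_host() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 2; }
    if "$IPTABLES" -n -L INPUT | is_dropped "$1"; then
        return 0
    fi
    "$IPTABLES" -I INPUT -s "$1" -j DROP
}

# Demo on the constructed sample: substring grep vs exact field match.
printf '%s\n' "$SAMPLE_RULES" | grep DROP | grep -q 203.0.113.4 &&
    echo "grep check: 203.0.113.4 looks banned (it only matches 203.0.113.45)"
printf '%s\n' "$SAMPLE_RULES" | is_dropped 203.0.113.4 ||
    echo "exact check: 203.0.113.4 is not banned yet"
```

On iptables builds that support the `-C` (check) option, `iptables -C INPUT -s ADDR -j DROP` can replace the listing-and-parse step.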