[asterisk-users] asterisk and fail2ban

Warren Selby wcselby at selbytech.com
Thu Mar 31 10:13:39 CDT 2011


On Thu, Mar 31, 2011 at 7:17 AM, vip killa <vipkilla at gmail.com> wrote:

> Back to the original question, for those of you using Fail2Ban,
> Does it take an unusually high amount of break-in attempts before attackers
> are banned?
> I have it set to 5 attempts in fail2ban but usually, the attacker is able
> to make over 100 attempts before fail2ban bans them.
> I've tried this using asterisk's /var/log/asterisk/messages and
> /var/log/messages with same results.
> Perhaps someone else is experiencing this or has resolved it, thank you.
>
>
Check your log files.  With the current generation of SIP attack scripts,
I've seen hundreds of attacks come in within one second, especially if
you've got decent bandwidth.  I've seen fail2ban logs that state between
60-250 failed attempts for asterisk.  I think it's just the nature of the
speed of the attacks.

-- 
Thanks,
--Warren Selby, dCAP
http://www.selbytech.com
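
Added example, not part of the original message: a Python sketch that reads Asterisk registration-failure lines and reports, per source address, how many failures were already logged by the time a ban could take effect, so the overshoot described above can be measured from your own logs. The log lines are constructed samples in the chan_sip "Registration ... failed for" style with documentation IP addresses; `attempts_before_ban`, `sample_log` and the `reaction` delay are assumptions for illustration, not fail2ban settings.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the source address in an Asterisk chan_sip registration-failure line.
FAILED = re.compile(r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\].* failed for '(?P<ip>[0-9.]+)(?::\d+)?'")

def sample_log():
    """Constructed log: one burst source and one slow source (documentation IPs)."""
    tmpl = ("[{ts}] NOTICE[2011] chan_sip.c: Registration from "
            "'\"{ext}\" <sip:{ext}@192.0.2.10>' failed for '{ip}' - Wrong password")
    burst = [tmpl.format(ts="2011-03-31 10:13:39", ext=100 + i, ip="203.0.113.5")
             for i in range(120)]
    slow = [tmpl.format(ts=f"2011-03-31 10:14:{i * 10:02d}", ext=200, ip="198.51.100.7")
            for i in range(6)]
    return burst + slow

def attempts_before_ban(lines, maxretry=5, findtime=600, reaction=1.0):
    """Per source IP: failures logged up to the moment a ban could take effect.

    reaction (seconds) is an assumed delay between the maxretry-th failure being
    written to the log and the firewall rule being active; measure your own.
    """
    seen = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            seen[m["ip"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    result = {}
    for ip, times in seen.items():
        times.sort()
        for i in range(maxretry - 1, len(times)):
            # Threshold: maxretry failures inside one findtime window.
            if (times[i] - times[i - maxretry + 1]).total_seconds() <= findtime:
                cutoff = times[i] + timedelta(seconds=reaction)
                result[ip] = sum(t <= cutoff for t in times)
                break
    return result

if __name__ == "__main__":
    for ip, n in attempts_before_ban(sample_log()).items():
        print(f"{ip}: {n} failed attempts logged before a ban could apply")
```

With the constructed sample, the burst source has all 120 failures logged inside the one-second reaction window, while the slow source is cut off at exactly `maxretry`.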
