[asterisk-users] asterisk and fail2ban
vip killa
vipkilla at gmail.com
Thu Mar 31 10:16:23 CDT 2011
Yes, I see in the log that most of these attacks only last 2 seconds before
fail2ban bans them
On Thu, Mar 31, 2011 at 11:13 AM, Warren Selby <wcselby at selbytech.com>wrote:
> On Thu, Mar 31, 2011 at 7:17 AM, vip killa <vipkilla at gmail.com> wrote:
>
>> Back to the original question, for those of you using Fail2Ban,
>> Does it take an unusually high amount of break-in attempts before
>> attackers are banned?
>> I have it set to 5 attempts in fail2ban but usually, the attacker is able
>> to make over 100 attempts before fail2ban bans them.
>> I've tried this using asterisk's /var/log/asterisk/messages and
>> /var/log/messages with same results.
>> Perhaps someone else is experiencing this or has resolved it, thank you.
>>
>>
> Check your log files. With the current generation of SIP attack scripts,
> I've seen hundreds of attacks come in within one second, especially if
> you've got decent bandwidth. I've seen fail2ban logs that state between
> 60-250 failed attempts for asterisk. I think it's just the nature of the
> speed of the attacks.
>
> --
> Thanks,
> --Warren Selby, dCAP
> http://www.selbytech.com
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110331/d4184d8e/attachment.htm>
More information about the asterisk-users
mailing list