[asterisk-users] asterisk and fail2ban

Cary Fitch caryf at usawide.net
Thu Mar 31 10:18:41 CDT 2011


From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Warren Selby
Sent: Thursday, March 31, 2011 10:14 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk and fail2ban

 

On Thu, Mar 31, 2011 at 7:17 AM, vip killa <vipkilla at gmail.com> wrote:

Back to the original question, for those of you using Fail2Ban,

Does it take an unusually high amount of break-in attempts before attackers
are banned?

I have it set to 5 attempts in fail2ban but usually, the attacker is able to
make over 100 attempts before fail2ban bans them.

I've tried this using asterisk's /var/log/asterisk/messages and
/var/log/messages with same results.

Perhaps someone else is experiencing this or has resolved it, thank you.

 


Check your log files.  With the current generation of SIP attack scripts,
I've seen hundreds of attacks come in within one second, especially if
you've got decent bandwidth.  I've seen fail2ban logs that state between
60-250 failed attempts for asterisk.  I think it's just the nature of the
speed of the attacks.  

-- 
Thanks,
--Warren Selby, dCAP
http://www.selbytech.com

 

 

Which is a good reason to use manual, mass IPTables entries for "the rest of
the world" and fail2ban generated entries for creeps in your
neighborhood/country.

 

CF
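Added example, not part of the original thread: a Python sketch that counts, per source IP, how many failed registrations reach the log before a ban could take effect, which is the effect Warren describes. The log line layout, the timestamp format, and the `ban_delay` parameter (time from the `maxretry`-th failure to an active firewall rule) are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed chan_sip failure line, with logger.conf dateformat=%F %T.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[\d\- :]+)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from .* failed for '(?P<ip>[\d.]+)'")

def sample_log():
    """Constructed log: one fast scanner and one slow guesser."""
    tmpl = ("[{ts}] NOTICE[2134] chan_sip.c: Registration from "
            "'\"100\" <sip:100@192.0.2.10>' failed for '{ip}' - Wrong password")
    base = datetime(2011, 3, 31, 10, 14, 0)
    lines = []
    for sec in (1, 2, 3):                      # 60 failures per second
        ts = base + timedelta(seconds=sec)
        lines += [tmpl.format(ts=ts, ip="203.0.113.5")] * 60
    for minute in range(7):                    # one failure per minute
        ts = base + timedelta(minutes=minute)
        lines.append(tmpl.format(ts=ts, ip="198.51.100.7"))
    return lines

def attempts_before_ban(lines, maxretry=5, findtime=600, ban_delay=2):
    """Per IP: failures logged before a ban could take effect.

    ban_delay (seconds from the maxretry-th failure to an active firewall
    rule) is a modelling assumption, not a fail2ban setting.
    """
    times = defaultdict(list)
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            times[m["ip"]].append(
                datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    result = {}
    for ip, ts in times.items():
        ts.sort()
        result[ip] = None                      # never reached maxretry
        for i in range(maxretry - 1, len(ts)):
            if (ts[i] - ts[i - maxretry + 1]).total_seconds() <= findtime:
                active = ts[i] + timedelta(seconds=ban_delay)
                result[ip] = max(i + 1, sum(t < active for t in ts))
                break
    return result

if __name__ == "__main__":
    for ip, n in attempts_before_ban(sample_log()).items():
        print(ip, n)
```

With the same `maxretry` of 5, the one-per-minute source is stopped at 5 failures while the 60-per-second source logs 120 before the modelled ban is active.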
