Speaking of all these attacks, are there any good web managed security monitor tools for CentOS out there that can be installed on the system so that it can give us a visual of let's multiple failed attempts against SSH or HTTPd?<div>
<br></div><div>Something nice that is simple and doesn't eat a lot resources and spits out everything on the screen?</div><div><br></div><div>Thanks,</div><div>Bruce<br><br><div class="gmail_quote">On Tue, Apr 13, 2010 at 9:51 AM, Fred Posner <span dir="ltr"><<a href="mailto:fred@teamforrest.com">fred@teamforrest.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">On Apr 13, 2010, at 8:04 AM, Hans Witvliet wrote:<br>
<br>
> On Tue, 2010-04-13 at 09:47 +0100, Gordon Henderson wrote:<br>
>> On Tue, 13 Apr 2010, Alyed wrote:<br>
>><br>
>>> Think we need some solution WITHIN the Asterisk core. Roderick A. suggested<br>
>>> something that looks nice using iptables, some others have pointed out using<br>
>>> RBL or fail2ban, but the best would be to have some generic solution not<br>
>>> dependant on third party programs.<br>
>><br>
>> I'd strongly disagree with this. (And I was the OP of this thread and had<br>
>> my home/office network connection taken down due to it)<br>
>><br>
>> But then, I'm an old worldy Unix sysadmin and the philosophy of having a<br>
>> program do one thing well is still etched into my core...<br>
>><br>
>> <a href="http://en.wikipedia.org/wiki/Unix_philosophy" target="_blank">http://en.wikipedia.org/wiki/Unix_philosophy</a><br>
>><br>
>> So get asterisk to do what it does well, then get something else that does<br>
>> what you need to do just as well - built-in to Linux are the iptables<br>
>> firewall rules. Use them! They are very effective and do work. (And you<br>
>> have a choice!)<br>
><br>
> I'll agree with you here.<br>
> Any aditional security within * is fine, but if someone is simply<br>
> drowning your bandwith, action must be taken at a lower level.<br>
> Otherwise you endup re-inventing the wheel for D.o.s. attackes for voip,<br>
> mail, ssh, ldap, http, rsync, (or any other service you might be<br>
> running)<br>
><br>
> So a proper job for ip(6)tables, imho<br>
><br>
> --<br>
<br>
+1 for outside of asterisk. I want something that blocks it before it gets to the Asterisk processes. I've posted a little script on Team Forrest for how I'm blocking the traffic (using a quick perl script, iptables, and cron). The script is at <a href="http://bit.ly/cDHlLq" target="_blank">http://bit.ly/cDHlLq</a><br>
<br>
---fred<br>
<a href="http://qxork.com" target="_blank">http://qxork.com</a><br>
<br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</blockquote></div><br></div>