No subject
Sun Jul 19 19:54:31 CDT 2009
Some PBXs from some customers are pointed through DDNS servers to my switch, using no-ip, and they are connected by cable modem with DHCP. When the IP changes it takes a few minutes; yes, it's quite slow. But it's so SIMPLE, SO CHEAP and does not require advanced knowledge. I think that is a suitable way to connect some SIP users that don't have a fixed IP, but this has some delay to update changes. It will be, for sure.

A better solution, more effective and faster, could be to make a kind of simple DDNS service running on your own server: any TCP client just needs to open a TCP connection to your server reporting user and pass, and the server then catches the source IP... It would be an automated version, fast and reliable, but it needs more expertise, like programming, beyond what they were asking about, which was a basic option for iptables to avoid calls from undesired IPs.

Without going so far, you ALSO CAN USE A FORM OVER AN HTTPS SERVER CONNECTION for something like a login, THAT WILL START THE SCRIPT FOR RENEWING after the form is sent. The action started by the CGI just must include the same, the action for reloading modules after renewing IPs.

Yes, it's not automatic, but it really works too. It is fast and gives a cheap way to get closer TO a "closed network", but in an open environment, because any user authenticates using a secure tunnel to send the user and pass, and with that updates the IP for the peer; but it will require user action,

like I said earlier.
All this is a mix, branded with less expensive options to bring up something to get better...

Marcos
Thanks again

> From: brett at voicefoxtelephony.com
> To: brett at voicefoxtelephony.com
> Subject: Re: [asterisk-biz] 87.230.80.186
> Date: Sun, 27 Jun 2010 21:15:02 -0500
> CC: asterisk-biz at lists.digium.com; asterisk-biz at lists.digium.com; sisint2005 at hotmail.com
>
> Yow,
> Sorry list for the trigger happy reply...
>
> What I was saying is that it's an interesting idea but I think DNS
> caching will make it not really feasible.
>
> For me fail2ban + good passwords works as a really good system where a
> VPN can't be used.
>
>
> -Brett
>
> On Jun 27, 2010, at 9:10 PM, Brett Nemeroff
> <brett at voicefoxtelephony.com> wrote:
>
> > Interesting idea, but I think DNS caching will make this not really
> > usable.
> >
> >
> > For me, fail2
> >
> >
> >
> > On Jun 27, 2010, at 8:54 PM, Calleasy BsAS <sisint2005 at hotmail.com>
> > wrote:
> >
> >>

Dear Brett,

Many thanks for your comment.

Any method that reads logs to detect a failed auth may be suitable; fail2ban does this,
or just reading files from the logs directory ( register and messages files ) to know if there were any attempts refused, and then block the src IP.

With any script that works on this, the IP from where the attempts come could be found.

cat /etc/asterisk/messages | grep Reg | grep @my.domain

or

cat /etc/asterisk/messages | grep Reg | grep my.ip.add.res

Processing it, the IP could be added to the iptables rules for blocking...

In this process, like ever, first we must choose the path to follow, from two possible ones to implement.

1) Closed networks: deny all, enable some hosts to connect. Simple, not flexible, not suitable for continuously changing networks.

2) Open networks: accept all; we must detect intrusions + attacks and deny every IP for any attack detected or not trusted... needs much intelligence, resources and effort to identify and block anything that seems dangerous.

This brief comment was aimed to help some guys that were trying to get some iptables conf working to avoid undesired connections.

In short:

YES... public DDNS services have some delay to progress in refreshing the cache. There is no doubt about that.
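
The log-reading approach described in the message above (find refused registrations, then block the source IP), as an added example that is not part of the original post. The chan_sip log line format, the sample addresses, the function names, the threshold of 2 and the trusted-address list are all assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample log (not from the post). The chan_sip "Registration from
# ... failed for 'IP'" line format is an assumption; adjust to your version.
sample_log() {
cat <<'EOF'
[Jun 27 21:10:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@my.domain>' failed for '203.0.113.5' - Wrong password
[Jun 27 21:10:02] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@my.domain>' failed for '203.0.113.5' - Wrong password
[Jun 27 21:10:03] NOTICE[2101] chan_sip.c: Registration from '"failed for '192.0.2.10' x" <sip:102@my.domain>' failed for '203.0.113.5' - Wrong password
[Jun 27 21:11:40] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@my.domain>' failed for '198.51.100.9' - No matching peer found
[Jun 27 21:12:10] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@my.domain>' failed for '192.0.2.10' - Wrong password
[Jun 27 21:12:15] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@my.domain>' failed for '192.0.2.10' - Wrong password
EOF
}

# failed_sources THRESHOLD [TRUSTED_IP ...]
# Reads a log on stdin; prints each source IP with >= THRESHOLD failed
# registrations, skipping trusted addresses (e.g. known customer PBXs).
failed_sources() {
    threshold=$1; shift
    trusted=" $* "
    # The From header is attacker-controlled text inside the log line, so the
    # greedy ".*" deliberately anchors on the LAST "failed for '", which is the
    # one Asterisk appended. Only digits and dots are captured, so nothing else
    # from the log can reach the firewall command.
    grep 'Registration from' |
    sed -n "s/.*failed for '\([0-9][0-9.]*\)[:'].*/\1/p" |
    sort | uniq -c |
    while read -r count ip; do
        case "$trusted" in *" $ip "*) continue ;; esac
        if [ "$count" -ge "$threshold" ]; then echo "$ip"; fi
    done
}

# block_rules: turns IPs on stdin into iptables commands. They are printed,
# not executed, so the output can be reviewed before it is applied.
block_rules() {
    while read -r ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# Threshold 2, with 192.0.2.10 treated as a trusted customer PBX.
sample_log | failed_sources 2 192.0.2.10 | block_rules
```

The third sample line carries a forged "failed for" string in the From header; matching the first occurrence instead of the last would count it against 192.0.2.10 and let a remote caller get a customer blocked.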