[asterisk-users] lock SIP Account after too many failed logins
Matthew Nicholson
mnicholson at digium.com
Fri Jan 9 11:04:14 CST 2009
On Fri, 2009-01-09 at 16:49 +0000, Steve Howes wrote:
> On 9 Jan 2009, at 16:36, Klaus Darilion wrote:
> > Hi!
> >
> > I want to detect brute-force password hacking attacks - thus if there
> > are too many failed login attempts for a SIP account I want to "lock"
> > this account.
> >
> > Does somebody have any ideas how this could be implemented?
>
> Bad plan? Could quite easily turn into a DoS.
Could this be done at the IP tables level? Or maybe you could write a
script that monitors the asterisk logs and detects failed login attempts
then adds problematic IP address to hosts.deny. I know of several ssh
blocking scripts that work this way.
--
Matthew Nicholson
Digium, Inc. | Software Developer
More information about the asterisk-users
mailing list