[asterisk-users] Being attacked by an Amazon EC2 ...

bruce bruce bruceb444 at gmail.com
Tue Apr 13 09:13:45 CDT 2010


Speaking of all these attacks, are there any good web managed security
monitor tools for CentOS out there that can be installed on the system so
that it can give us a visual of, let's say, multiple failed attempts against SSH
or HTTPd?

Something nice that is simple and doesn't eat a lot of resources and spits out
everything on the screen?

Thanks,
Bruce

On Tue, Apr 13, 2010 at 9:51 AM, Fred Posner <fred at teamforrest.com> wrote:

> On Apr 13, 2010, at 8:04 AM, Hans Witvliet wrote:
>
> > On Tue, 2010-04-13 at 09:47 +0100, Gordon Henderson wrote:
> >> On Tue, 13 Apr 2010, Alyed wrote:
> >>
> >>> Think we need some solution WITHIN the Asterisk core. Roderick A. suggested
> >>> something that looks nice using iptables, some others have pointed out using
> >>> RBL or fail2ban, but the best would be to have some generic solution not
> >>> dependent on third party programs.
> >>
> >> I'd strongly disagree with this. (And I was the OP of this thread and had
> >> my home/office network connection taken down due to it)
> >>
> >> But then, I'm an old worldy Unix sysadmin and the philosophy of having a
> >> program do one thing well is still etched into my core...
> >>
> >> http://en.wikipedia.org/wiki/Unix_philosophy
> >>
> >> So get asterisk to do what it does well, then get something else that does
> >> what you need to do just as well - built-in to Linux are the iptables
> >> firewall rules. Use them! They are very effective and do work. (And you
> >> have a choice!)
> >
> > I'll agree with you here.
> > Any additional security within * is fine, but if someone is simply
> > drowning your bandwidth, action must be taken at a lower level.
> > Otherwise you end up re-inventing the wheel for D.o.s. attacks for voip,
> > mail, ssh, ldap, http, rsync, (or any other service you might be
> > running)
> >
> > So a proper job for ip(6)tables, imho
> >
> > --
>
> +1 for outside of asterisk. I want something that blocks it before it gets
> to the Asterisk processes. I've posted a little script on Team Forrest for
> how I'm blocking the traffic (using a quick perl script, iptables, and
> cron). The script is at http://bit.ly/cDHlLq
>
> ---fred
> http://qxork.com
>
>