[asterisk-users] Being attacked by an Amazon EC2 ...
--[ UxBoD ]--
uxbod at splatnix.net
Tue Apr 13 10:31:22 CDT 2010
----- Original Message -----
> Cool. I am just looking over splunk. Isn't that enough by its own? or
> is OSSEC needed to give it raw data? I think these two will take quite
> some time to understand. Anything simpler out there as well?
>
>
> Thanks,
> Bruce
>
>
> On Tue, Apr 13, 2010 at 10:42 AM, --[ UxBoD ]-- < uxbod at splatnix.net >
> wrote:
>
>
>
> ----- Original Message -----
> > Speaking of all these attacks, are there any good web managed
> > security monitor tools for CentOS out there that can be installed on
> > the system
> > so that it can give us a visual of let's multiple failed attempts
> > against SSH or HTTPd?
> >
> >
> > Something nice that is simple and doesn't eat a lot of resources and
> > spits out everything on the screen?
> >
> >
> > Thanks,
> > Bruce
>
> How about http://www.ossec.net which you could later integrate with
> http://www.splunk.com/ .
>
OSSEC has a number of Asterisk rules already built in, including picking up failed SIP registrations. It also has a feature called Active Response which, when a user-defined threshold of failed events happens, is able to automatically add an IPtables/PF drop rule for the source IP.
--
Thanks, Phil