[asterisk-users] Security - What inbound variables can attackers populate or use when calling?
Warren Selby
wcselby at selbytech.com
Fri Aug 6 23:35:04 CDT 2010
On Fri, Aug 6, 2010 at 10:53 PM, <jwexler at mail.usa.com> wrote:
> Someone from Amsterdam was trying to register yesterday using an automated
> program which tried roughly 1,000 or so username password combinations
> before I shut asterisk down and added his/her ip to iptables to drop it. I
> wonder if I can configure the system to automatically detect such an attack
> in progress (e.g., a 1,000+ registration failures from the same ip is an
> ‘attack’) and the ip’s to iptables, hosts.deny, etc. on the fly. That might
> be another topic I guess?
>
>
Use fail2ban. Also, read some of the security advisories from earlier this
year about being sure to always use a FILTER statement whenever you're
dialing using a variable (most notably ${EXTEN}).
http://downloads.asterisk.org/pub/security/AST-2010-002.html
--
Thanks,
--Warren Selby
http://www.selbytech.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100806/919365c6/attachment.htm
More information about the asterisk-users
mailing list