[asterisk-users] Brute force attacks
Zeeshan Zakaria
zishanov at gmail.com
Fri Jul 2 11:37:55 CDT 2010
Hi Matt,
What eaxtly you mean by Fail2ban crapping out? I never had any problem with
it, and for me it is not only protecting asterisk, but also multiple
websites for wrong logging attempts, spams and SQL injections. Based on your
experience I would like to see if I need to be careful with its settings,
just in case if it could fail at any wrong time.
Zeeshan A Zakaria
--
www.ilovetovoip.com
On 2010-07-02 12:29 PM, "Matt Desbiens" <desbiensm at gmail.com> wrote:
I've noticed from time to time, that fail2ban just craps out, so, this might
be of interest to the community assuming you use 192.168.100.0/24 on your
network
iptables -A INPUT -s 192.168.100.0/24 -j ACCEPT
iptables -A INPUT -s carrierip.x.x.x -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p udp -m udp -s carrierip.x.x.x --destination-port 5060
-j ACCEPT
iptables -A INPUT -p udp -m udp -s carrierip.x.x.x --destination-port
10000:20000 -j ACCEPT
iptables -A INPUT -p udp -m udp --destination-port 5060 -j DROP
iptables -A INPUT -p udp -m udp --destination-port 10000:20000 -j DROP
iptables -A INPUT -p udp -m udp --destination-port 4000:4999 -j DROP
iptables -A INPUT -p udp -m udp --destination-port 4569 -j DROP
iptables -A INPUT -p tcp -m tcp --destination-port 5038 -j DROP
iptables -A INPUT -p tcp -m tcp --destination-port 22 -j DROP
iptables -A INPUT -p udp -m udp --destination-port 22 -j DROP
iptables -A OUTPUT -o eth0 -p all -j ACCEPT
iptables -A OUTPUT -o eth1 -p all -j ACCEPT
iptables -A INPUT -i eth0 -p all -j ACCEPT
iptables -A INPUT -i eth1 -p all -j ACCEPT
iptables -P INPUT DROP
2010/7/2 Jonathan González <jonathan.gsc at gmail.com>
>
> Same activity from these IPs:
> 174.129.137.135
> 89.35.123.12
> 209.20.66.234
> 184.73.30.42
>...
--
Matthew Desbiens
//* EOF *//
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100702/7226ba72/attachment.htm
More information about the asterisk-users
mailing list