[asterisk-users] Find a way to block brute force attacks.
Kenny Watson
kwatson at geniusgroupltd.com
Tue Jun 29 10:27:08 CDT 2010
Hi, you can use fail2ban http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
which works well: when a pattern is found in a log file, it adds an iptables rule to block the traffic for a period.
On Debian you can apt-get install fail2ban and on CentOS/Red Hat yum -i fail2ban
Thanks
Kenny
----- Original Message -----
From: "Gareth Blades" <list-asterisk at skycomuk.com>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users at lists.digium.com>
Sent: Tuesday, 29 June, 2010 4:12:42 PM
Subject: Re: [asterisk-users] Find a way to block brute force attacks.
Rodrigo Lang wrote:
> Hello list.
>
> I'm trying to find a way to block any ip that tries to login more than
> three times with the wrong password and try to log in three different
> extensions. For I have suffered some brute force attacks on my asterisk
> in the morning period.
>
> The idea would be: Any ip with three attempts without success to log
> into an extension is blocked.
>
> Is there any way to accomplish this directly by the asterisk? Or is
> there some kind of asterisk spit this information via the AMI?
>
> I was wondering to make a Java program to listen to the AMI and create a
> rule in iptables for ip in specific.
>
> Does anyone have any suggestions?
>
>
> Thanks,
> Rodrigo Lang.
>
Does asterisk log the failed attempts to a file?
If so then you could use sshblack to monitor the file for incorrect
logins. It will add firewall rules to a custom iptables chain based on
various criteria. You can then point incoming SIP connections through
this chain so offenders will be firewalled for a specific amount of time.
http://www.pettingers.org/code/sshblack.html
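Added example, not part of the original thread and not code from fail2ban or sshblack: a minimal version of the log-watching approach both replies describe, counting failed registrations per source IP and producing the iptables rule for each offender. The chan_sip log line layout, the `SIP-BLOCK` chain name, the three-failures-in-ten-minutes threshold and the IPv4-only match are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed chan_sip log line. The address is read from the END of the line:
# the From header earlier in the line is text chosen by the remote side.
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\][^:]*: "
    r"Registration from '.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'"
    r" - (?:Wrong password|No matching peer found)$")

def offenders(lines, max_fail=3, window=timedelta(minutes=10), allow=()):
    """Source IPs with >= max_fail failed registrations inside `window`."""
    allow_nets = [ipaddress.ip_network(n) for n in allow]
    recent, blocked = defaultdict(deque), []   # ip -> recent failure times
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:        # e.g. 999.1.1.1 fits the regex only
            continue
        if str(ip) in blocked or any(ip in net for net in allow_nets):
            continue              # never block allow-listed phones/trunks
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[str(ip)]
        q.append(ts)
        while ts - q[0] > window: # forget failures older than the window
            q.popleft()
        if len(q) >= max_fail:
            blocked.append(str(ip))
    return blocked

def block_rule(ip, chain="SIP-BLOCK"):
    """argv for the DROP rule (hypothetical chain name); built, not executed."""
    return ["iptables", "-I", chain, "-s", str(ipaddress.ip_address(ip)), "-j", "DROP"]
def _line(ts, frm, ip):           # builds one constructed sample log line
    return (f"[2010-06-29 {ts}] NOTICE[2201] chan_sip.c: "
            f"Registration from '{frm}' failed for '{ip}' - Wrong password")

SAMPLE_LOG = [                    # constructed data, documentation addresses
    _line("03:10:01", '"100" <sip:100@192.0.2.10>', "203.0.113.66"),
    _line("03:10:02", '"101" <sip:101@192.0.2.10>', "203.0.113.66"),
    _line("03:10:03", '"102" <sip:102@192.0.2.10>', "203.0.113.66"),
    _line("03:11:00", '"200" <sip:200@192.0.2.10>', "192.0.2.50"),  # one typo
] + [_line(f"03:12:0{i}", "x' failed for '198.51.100.7' - Wrong password",
           "203.0.113.99") for i in range(3)]   # forged From header
```

On the sample log, `offenders(SAMPLE_LOG)` reports 203.0.113.66 and 203.0.113.99; the address embedded in the forged From header is not blocked because the pattern is anchored to the end of the line, and the rule is passed to iptables as an argument list rather than through a shell.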