[asterisk-users] (no subject)
Ioan Indreias
indreias at gmail.com
Fri Mar 19 02:05:32 CDT 2010
On Fri, Mar 19, 2010 at 3:13 AM, Zeeshan Zakaria <zishanov at gmail.com> wrote:
> Fail2ban is a must. I was a victim of such attacks, and have implemented
> some other measures too, but fail2ban is a must have with the link posted by
> Matt which describes how to set it up for asterisk. Make sure you put your
> own ip address in ignore list otherwise it can block you too.
You may also consider to use BFD (Brute Force Detection) [1] as your
tool for log analysis.
We have a detailed tutorial [2] on how to install and configure BFD,
using Asterisk rules [3] for SIP and IAX protocols.
Our approach is not to use iptables but to block the communication
with the attacker using "route del -host $ATTACK_HOST reject". To
unban a specific IP we will use a manual command like "route del -host
$ATTACK_HOST reject".
This is not probably not the best method but it works for us till now.
Best regards,
Ioan.
[1] - http://www.rfxn.com/projects/brute-force-detection/
[2] - http://www.modulo.ro/Modulo/ro/Articole/Securitate_pentru_servere_Asterisk.html
[3] - http://www.modulo.ro/Modulo/downloads/tools/tenora.bfd.tar.gz
More information about the asterisk-users
mailing list