[asterisk-users] A new hack?

john Millican john at millican.us
Fri Dec 2 13:45:16 CST 2011


On 12/2/2011 12:44 PM, Steve Edwards wrote:
> On Fri, 2 Dec 2011, Jim Lucas wrote:
>
>> How is using Fail2Ban less resource intensive then me writing (by 
>> hand) iptable rules?
>
> It depends on how you define resources and how much of those resources 
> you have.
>
> Gordon (based on my understanding of his posts) does a lot of Asterisk 
> systems on very limited hardware hosts. His approach uses iptables 
> features to limit the number of SIP INVITES and REGISTERS per second 
> per IP address.
>
> Thus, Gordon's approach is more responsive (since it doesn't require 
> periodic log file scanning) and requires less hardware resources 
> (since it doesn't depend on running relatively 'slothish' resource 
> intensive script interpreters like Perl or PHP periodically).
>
> If you have limited admin skills and more hardware resources, F2B 
> makes sense.
>
> If you have more admin skills and limited hardware resources, Gordon's 
> approach makes more sense.
>
> Personally, I find any approach that tracks log files 'hackish' but if 
> you centralize your logging (which I always do) it does allow you to 
> detect patterns of abuse across multiple hosts.
>
Now this, I would say was very well put.
As always, just my opinion.
JohnM



More information about the asterisk-users mailing list