[asterisk-users] asterisk and fail2ban
Ioan Indreias
indreias at gmail.com
Tue Mar 29 17:45:20 CDT 2011
Hi Gilles,
Just to provide an alternative to sshguard: you could use BFD[1]
(based on bash scripts) and configure it to use iptables to block the
attacker host.
The default configuration is to check the logs every 3 minutes
(using a crontab entry).
BFD rules for Asterisk can be found here [2] - tested on Asterisk 1.4
Our BAN command looks like:
"(/sbin/iptables -n -L | grep DROP | grep $ATTACK_HOST) ||
/sbin/iptables -I INPUT -s $ATTACK_HOST -j DROP"
HTH,
Ioan
[1] http://www.rfxn.com/projects/brute-force-detection/
[2] http://www.modulo.ro/Modulo/downloads/tools/tenora.bfd.tar.gz
On Wed, Mar 30, 2011 at 12:51 AM, Gilles <codecomplete at free.fr> wrote:
> On Tue, 29 Mar 2011 23:09:06 +0200, adamk at 3a.hu wrote:
>>On 03-29-2011 19:25, Steve Edwards wrote:
>>> Really? How many callers are you expecting from North Korea, Libya, China,
>>> Iran, etc?
>>after reviewing last week's log i'd say around 25-28k/min :)
>
> So it looks like I should check out sshguard instead of relying on
> blocks of IP's :-)
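The duplicate-rule check from the BAN command in the message above, run against a constructed rule listing, next to an exact-match check and an address validation step. This is an added example, not part of the original message or of BFD; the function names, the sample listing and the documentation-range addresses are assumptions.

```shell
#!/bin/sh
# Constructed sample of `iptables -n -L INPUT` output (documentation-range addresses).
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  192.0.2.10           0.0.0.0/0
DROP       all  --  198.51.100.7         0.0.0.0/0
ACCEPT     all  --  203.0.113.5          0.0.0.0/0'

# Check as written in the BAN command: substring match on the listing.
# $1 = host, $2 = listing text
is_banned_grep() {
    printf '%s\n' "$2" | grep DROP | grep "$1" >/dev/null
}

# Exact check: target must be DROP and the source column must equal the host.
is_banned_exact() {
    printf '%s\n' "$2" |
        awk -v h="$1" '$1 == "DROP" && $4 == h { hit = 1 } END { exit !hit }'
}

# Accept only a dotted-quad IPv4 address before it is placed in a command line.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        { [ ${#o} -le 3 ] && [ "$o" -le 255 ]; } || return 1
    done
}

# Print the command to run for a host, nothing if already banned; status 2 = rejected.
plan_ban() {
    is_ipv4 "$1" || return 2
    if is_banned_exact "$1" "$2"; then return 0; fi
    echo "/sbin/iptables -I INPUT -s $1 -j DROP"
}

# Demo: 192.0.2.1 is not banned, but the grep check matches it inside 192.0.2.10.
for h in 192.0.2.1 192.0.2.10; do
    is_banned_grep "$h" "$SAMPLE_RULES" && g=banned || g=clear
    echo "$h grep-check=$g plan=$(plan_ban "$h" "$SAMPLE_RULES")"
done
```

On a live system, `iptables -C INPUT -s HOST -j DROP` performs the same exact-match test where the installed iptables supports `-C`.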