[asterisk-users] asterisk and fail2ban

Danny Nicholas danny at debsinc.com
Thu Mar 31 10:45:24 CDT 2011


-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of JR Richardson
Sent: Thursday, March 31, 2011 10:43 AM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] asterisk and fail2ban

> From: vip killa
> Sent: Thu 3/31/2011 8:17 AM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [asterisk-users] asterisk and fail2ban
>
>
> Back to the original question, for those of you using Fail2Ban,
> Does it take an unusually high amount of break-in attempts before
> attackers are banned?
> I have it set to 5 attempts in fail2ban but usually, the attacker is able
> to make over 100 attempts before fail2ban bans them.
> I've tried this using asterisk's /var/log/asterisk/messages and
> /var/log/messages with same results.
> Perhaps someone else is experiencing this or has resolved it, thank you.
>
I have F2B set to ban after 1 attempt.  The most I have seen in the
logs is 4-5 attempts before ban is applied.  I am calling scripts that
apply the ban to a cisco access-list, so there is script/telnet/config
delay but it is very minimal and works very well.

JR

Speaking blindly as someone who has yet to fool with F2B, I'd rather ban
somebody after 5-20 attempts than have the overhead needed to ban them
quicker.  Guess that's a naïve view??
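
An added example, not part of any message in this thread: a small model of how many failed registrations get logged before a ban is actually in force, given the ban threshold, how often the log is read, and the delay of the ban action. The log lines are constructed (with sub-second timestamps assumed), and `sample_log`, `attempts_before_ban`, `poll_s` and `action_delay_s` are hypothetical names, not fail2ban settings.

```python
import math
import re
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S.%f"  # sub-second stamps are an assumption of this model
FAIL = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'.*' failed for '(?P<ip>[0-9.]+)' - Wrong password$"
)

def sample_log(n=200, gap_ms=100):
    """Constructed input: n failed registrations, one every gap_ms, one source."""
    t0 = datetime(2011, 3, 31, 10, 40, 0)
    return [
        "[%s] NOTICE[2101] chan_sip.c: Registration from "
        "'\"100\" <sip:100@pbx.example>' failed for '203.0.113.9' - Wrong password"
        % (t0 + timedelta(milliseconds=gap_ms * i)).strftime(FMT)
        for i in range(n)
    ]

def attempts_before_ban(lines, maxretry, poll_s, action_delay_s):
    """Per source IP, count failures logged up to the moment the block is active."""
    seen = defaultdict(list)
    for line in lines:
        m = FAIL.match(line)
        if m:
            seen[m["ip"]].append(datetime.strptime(m["ts"], FMT))
    result = {}
    for ip, times in seen.items():
        times.sort()
        if len(times) < maxretry:
            continue  # threshold never reached, so no ban is issued
        first, hit = times[0], times[maxretry - 1]
        if poll_s:
            # The watcher notices the threshold only at its next log read.
            reads = math.ceil((hit - first).total_seconds() / poll_s)
            noticed = first + timedelta(seconds=reads * poll_s)
        else:
            noticed = hit
        active = noticed + timedelta(seconds=action_delay_s)
        result[ip] = sum(1 for t in times if t <= active)
    return result

if __name__ == "__main__":
    log = sample_log()
    for maxretry, poll_s, delay_s in [(5, 0, 0), (1, 0, 0.4), (5, 10, 0)]:
        print(maxretry, poll_s, delay_s, attempts_before_ban(log, maxretry, poll_s, delay_s))
```

In this model the overshoot beyond the threshold is the attempt rate multiplied by the time between the threshold being crossed and the block taking effect.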



