[asterisk-users] A new hack?

Gordon Henderson gordon+asterisk at drogon.net
Sun Nov 27 07:47:48 CST 2011


On Sat, 26 Nov 2011, C F wrote:

> On Sat, Nov 26, 2011 at 7:50 AM, Gordon Henderson
> <gordon+asterisk at drogon.net> wrote:
>> On Sat, 26 Nov 2011, Terry Brummell wrote:
>>
>>> Install & Configure Fail2Ban then the host will be blocked from
>>> connecting.  And no, it's not new.
>>
>> I don't need Fail2Ban, thank you. But your advice might be useful to others.
>
> Why is that?
> Even if they don't compromise an account they are still using your
> bandwidth and resources on your machine.

Linux has excellent built-in subsystems to control firewalling and so on 
without resorting to external programs. It's called iptables. If you know 
how to use them, then using an external resource such as fail2ban is 
unneccessary.

For example, with iptables rules you can say something like: If a 
connection from a remote site to a local port happens more than (say) once 
a second then drop that connection.

And that happens right at the kernel level without the need to run any 
userland software, write config files, monitor log files and so on.

I've posted about it in the past - search the archives if you want to know 
more.

Gordon


More information about the asterisk-users mailing list