[asterisk-users] Fail2ban
Steve Edwards
asterisk.org at sedwards.com
Mon Sep 14 02:28:40 CDT 2015
On Mon, 14 Sep 2015, Gokan Atmaca wrote:
> Another problem is too late to do the ban. The reason for this yetmemse
> of CPU power. I'm simulating an attack. Of course, eating CPU. One
> reason, now forbids. Abstracts must be strong if we are eating our
> resources is a serious attack.
The problem with fail2ban is it is an 'after the fact' approach. It
depends on packets already going where they don't belong and put the
responsibility on the application (Asterisk) to log the offending packets
so fail2ban can scan the logs and create rules.
Years ago (2010?) Gordon Henderson published an iptables script that
handled things like invite and registration flooding.
If you take care of these things before they eat resources and before they
get to the logging that fail2ban depends on you will save a lot of cycles.
If Gordon is still on list, maybe he can re-publish. I'd be interested to
see if he has any new tricks included.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
More information about the asterisk-users
mailing list