<div class="gmail_quote">On Fri, Aug 6, 2010 at 10:53 PM, <span dir="ltr">&lt;<a href="mailto:jwexler@mail.usa.com">jwexler@mail.usa.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div link="blue" vlink="purple" lang="JA"><div>
<span style="font-size: 10pt; color: rgb(31, 73, 125);" lang="EN-US"></span><p class="MsoNormal"><span style="font-size: 10pt; color: rgb(31, 73, 125);" lang="EN-US">Someone from Amsterdam was trying to register yesterday using an
automated program which tried roughly 1,000 or so username password
combinations before I shut asterisk down and added his/her ip to iptables to
drop it. I wonder if I can configure the system to automatically detect such an
attack in progress (e.g., 1,000+ registration failures from the same ip is an
‘attack’) and add the ip’s to iptables, hosts.deny, etc. on the
fly. That might be another topic I guess?</span></p><br clear="all"></div></div></blockquote></div><br>Use fail2ban. Also, read some of the security advisories from earlier this year about being sure to always use a FILTER statement whenever you're dialing using a variable (most notably ${EXTEN}). <a href="http://downloads.asterisk.org/pub/security/AST-2010-002.html">http://downloads.asterisk.org/pub/security/AST-2010-002.html</a><br>
<br>-- <br>Thanks,<br>--Warren Selby<br><a href="http://www.selbytech.com">http://www.selbytech.com</a><br>
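<p>The kind of check fail2ban automates for the attack described above, as an added example that is not part of the original message and not fail2ban's own code: it counts failed registrations per source IP inside a sliding window and builds the iptables drop rule for any IP over the threshold. The log line format (modelled on chan_sip NOTICE messages), the threshold, the window and the sample lines are assumptions constructed for illustration.</p>

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format, modelled on chan_sip NOTICE lines; adjust to your own logs.
# The From value is chosen by the remote party, so the pattern is anchored at the
# end of the line: only the address Asterisk itself appended is ever captured.
FAILED = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\].*?: Registration from '.*' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
    r"(?:Wrong password|No matching peer found)$"
)

def find_offenders(lines, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time of the failure that crossed the threshold}.
    Lines are assumed to be in chronological order, as in a log file."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line.rstrip("\r\n"))
        if not m or m["ip"] in offenders:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders[m["ip"]] = ts
    return offenders

def iptables_rule(ip):
    """Drop rule as an argv list, so no shell ever parses log-derived text."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

def _line(ts, user, ip, reason="Wrong password"):  # builds constructed sample lines
    return (f"[{ts}] NOTICE[2211] chan_sip.c: Registration from "
            f"'\"{user}\" <sip:{user}@192.0.2.10>' failed for '{ip}' - {reason}")

# Constructed sample data (documentation address ranges), not real traffic.
SAMPLE = [_line(f"2010-08-06 22:10:{s:02d}", str(100 + s), "203.0.113.7") for s in range(6)]
SAMPLE += [
    _line("2010-08-06 22:00:00", "200", "198.51.100.20"),
    _line("2010-08-06 22:30:00", "200", "198.51.100.20"),
    # From value crafted to make a naive pattern blame 198.51.100.99 instead
    _line("2010-08-06 22:31:00", "x' failed for '198.51.100.99' - Wrong password", "203.0.113.8"),
]

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE):
        print(" ".join(iptables_rule(ip)))
```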