<div class="gmail_quote">On Thu, Mar 31, 2011 at 7:17 AM, vip killa <span dir="ltr"><<a href="mailto:vipkilla@gmail.com">vipkilla@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Back to the original question, for those of you using Fail2Ban,<div>Does it take an unusually high amount of break-in attempts before attackers are banned?</div><div>I have it set to 5 attempts in fail2ban but usually, the attacker is able to make over 100 attempts before fail2ban bans them.</div>
<div>I've tried this using asterisk's /var/log/asterisk/messages and /var/log/messages with same results.</div><div><span style="border-collapse:collapse;font-family:arial, sans-serif;font-size:13px">Perhaps someone else is experiencing this or has resolved it, thank you.</span></div>
<div><div></div><br></div></blockquote></div><br>Check your log files. With the current generation of SIP attack scripts, I've seen hundreds of attacks come in within one second, especially if you've got decent bandwidth. I've seen fail2ban logs that state between 60-250 failed attempts for asterisk. I think it's just the nature of the speed of the attacks. <br>
<br>-- <br>Thanks,<br>--Warren Selby, dCAP<br><a href="http://www.selbytech.com" target="_blank">http://www.selbytech.com</a><br>