You can use a hashtable to watch incoming traffic, sort it into buckets based on its IP address, and take action accordingly. But you'll need some method of sorting out legitimate traffic versus bad traffic. You'll need to come up with some more characteristics than just that something is communicating on the port.
SSH hack detection is easy because each new bruteforce starts with a TCP SYN, so you can count them and then drop access, on the premise that a legitimate user wouldn't need X attempts to get their password right.

On Mon, Jun 30, 2008 at 2:56 PM, spectro <[EMAIL PROTECTED]> wrote:
> On Mon, Jun 30, 2008 at 1:31 PM, David Backeberg <[EMAIL PROTECTED]> wrote:
>> Do a reverse lookup on your attacker.
>> Then find their ISP.
>> Then file an abuse complaint.
>
> already done, also filed a report with FBI cybercrime unit and set up
> iptables to block incoming traffic from that IP.
>
> My question is if there is anything in Asterisk to detect these
> bruteforce attacks and take measures like we can do with SSH brute
> force attacks.
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> AstriCon 2008 - September 22 - 25 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
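
The per-address bucketing described in the reply above, as an added example that is not part of the original thread and not Asterisk code: failed attempts are counted per source IP in a sliding window, and the number of distinct accounts tried serves as one extra characteristic for telling a mistyped password from a bruteforce. The event tuples, thresholds and class name are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed look-back window
MAX_FAILURES = 5         # assumed "X attempts" threshold
MAX_ACCOUNTS = 3         # assumed limit on distinct accounts tried per source

# Constructed sample events: (unix_time, source_ip, account, auth_ok)
SAMPLE_EVENTS = (
    [(1000 + i, "203.0.113.7", f"10{i}", False) for i in range(8)]   # many accounts, fast
    + [(1000, "198.51.100.20", "201", False),                        # one typo, then success
       (1010, "198.51.100.20", "201", True)]
    + [(1000 + 90 * i, "192.0.2.33", "300", False) for i in range(6)]  # slow retries
)


class FailureTracker:
    """Hashtable keyed on source IP; each bucket holds recent failed attempts."""

    def __init__(self):
        self.buckets = defaultdict(deque)   # ip -> deque of (time, account)
        self.blocked = {}                   # ip -> reason for the block

    def observe(self, ts, ip, account, auth_ok):
        if ip in self.blocked:
            return self.blocked[ip]
        if auth_ok:
            self.buckets.pop(ip, None)      # a successful login clears the bucket
            return None
        bucket = self.buckets[ip]
        bucket.append((ts, account))
        while bucket and bucket[0][0] <= ts - WINDOW_SECONDS:
            bucket.popleft()                # expire entries outside the window
        accounts = {a for _, a in bucket}
        if len(accounts) > MAX_ACCOUNTS:
            self.blocked[ip] = "many accounts"
        elif len(bucket) > MAX_FAILURES:
            self.blocked[ip] = "too many failures"
        return self.blocked.get(ip)


def run(events):
    tracker = FailureTracker()
    for ev in sorted(events):               # process in time order
        tracker.observe(*ev)
    return tracker.blocked


if __name__ == "__main__":
    print(run(SAMPLE_EVENTS))
```

The returned dictionary is the list of addresses to hand to a firewall rule such as the iptables block mentioned in the quoted message.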
