Steve Totaro wrote: > For security, how about an authentication retry setting in the sip > configuration? After X amounts of failed auth or registration > attempts, block IP for Y amount of time. It would seem fairly easy to > do using realtime with DB entries for IP blocks and expiration. Then > a quick query of the same tables would allow an admin to put in > permanent rules on a firewall or ACL and also contact that ISP's abuse > dept.
I was recently introduced to fail2ban. It's a nice tool that will watch log files and when it notices too many failed authentication attempts (SSH, FTP, Password protected web sites, asterisk) it will run an iptables or shorewall command to block the offending IP address for a certain amount of time. It also has the option to send an email to let me know when someone got themselves banned. I've found this tool to be quite handy. Really no need to reinvent the wheel by incorporating it's functionality into asterisk. Plus it's always better to block unwanted traffic before it even gets to the application. That's my two cents anyway... Trevor _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
