On Fri, Mar 19, 2010 at 3:13 AM, Zeeshan Zakaria <[email protected]> wrote:
> Fail2ban is a must. I was a victim of such attacks, and have implemented
> some other measures too, but fail2ban is a must have with the link posted by
> Matt which describes how to set it up for asterisk. Make sure you put your
> own ip address in ignore list otherwise it can block you too.

You may also consider using BFD (Brute Force Detection) [1] as your tool for log analysis. We have a detailed tutorial [2] on how to install and configure BFD, using Asterisk rules [3] for SIP and IAX protocols.

Our approach is not to use iptables but to block the communication with the attacker using "route add -host $ATTACK_HOST reject". To unban a specific IP we will use a manual command like "route del -host $ATTACK_HOST reject". This is probably not the best method but it has worked for us until now.

Best regards,
Ioan.

[1] - http://www.rfxn.com/projects/brute-force-detection/
[2] - http://www.modulo.ro/Modulo/ro/Articole/Securitate_pentru_servere_Asterisk.html
[3] - http://www.modulo.ro/Modulo/downloads/tools/tenora.bfd.tar.gz
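
An added example (not from the original post, BFD, or the linked tutorial): a dry run of the log analysis and reject-route blocking described in this reply, honoring the ignore list recommended in the quoted message. The log lines are constructed in the usual chan_sip failed-registration format, `THRESHOLD` and `IGNORE_IPS` are assumed values, and the net-tools `route add -host ... reject` commands are printed rather than executed.

```shell
#!/bin/sh
# Added example: count failed SIP registrations per source IP and print
# the reject-route command for each offender. Nothing is executed as root.
THRESHOLD=3                  # assumed: failures before an address is blocked
IGNORE_IPS="198.51.100.10"   # assumed: your own address(es), space-separated

# Constructed sample log lines (documentation IP ranges, not real traffic).
sample_log() {
cat <<'EOF'
[2010-03-19 03:01:10] NOTICE[2301] chan_sip.c: Registration from '"100" <sip:100@192.0.2.1>' failed for '203.0.113.5' - Wrong password
[2010-03-19 03:01:11] NOTICE[2301] chan_sip.c: Registration from '"101" <sip:101@192.0.2.1>' failed for '203.0.113.5' - No matching peer found
[2010-03-19 03:01:12] NOTICE[2301] chan_sip.c: Registration from '"102" <sip:102@192.0.2.1>' failed for '203.0.113.5' - Wrong password
[2010-03-19 03:02:40] NOTICE[2301] chan_sip.c: Registration from '"200" <sip:200@192.0.2.1>' failed for '192.0.2.44' - Wrong password
[2010-03-19 03:02:41] NOTICE[2301] chan_sip.c: Registration from '"200" <sip:200@192.0.2.1>' failed for '192.0.2.44' - Wrong password
[2010-03-19 03:05:00] NOTICE[2301] chan_sip.c: Registration from '"300" <sip:300@192.0.2.1>' failed for '198.51.100.10' - Wrong password
[2010-03-19 03:05:01] NOTICE[2301] chan_sip.c: Registration from '"300" <sip:300@192.0.2.1>' failed for '198.51.100.10' - Wrong password
[2010-03-19 03:05:02] NOTICE[2301] chan_sip.c: Registration from '"300" <sip:300@192.0.2.1>' failed for '198.51.100.10' - Wrong password
EOF
}

# Read a log on stdin; print each non-ignored IP at or over THRESHOLD, sorted.
offenders() {
    awk -v max="$THRESHOLD" -v ignore="$IGNORE_IPS" -v q="'" '
        BEGIN { n = split(ignore, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /chan_sip\.c: Registration from .* failed for / {
            # Only digits and dots are accepted, so the extracted value is
            # safe to place on a command line later.
            if (match($0, "failed for " q "[0-9.]+")) {
                ip = substr($0, RSTART + 12, RLENGTH - 12)
                if (!(ip in skip)) hits[ip]++
            }
        }
        END { for (ip in hits) if (hits[ip] >= max) print ip }
    ' | sort
}

# Print the blocking command for each offender; review before running as root.
block_commands() {
    offenders | while read -r ip; do
        printf 'route add -host %s reject\n' "$ip"
    done
}

sample_log | block_commands
```

The address in `IGNORE_IPS` fails three times in the sample but is never listed, which is the lock-out case the quoted message warns about.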
