On Fri, Aug 6, 2010 at 10:53 PM, <[email protected]> wrote: > Someone from Amsterdam was trying to register yesterday using an automated > program which tried roughly 1,000 or so username password combinations > before I shut asterisk down and added his/her ip to iptables to drop it. I > wonder if I can configure the system to automatically detect such an attack > in progress (e.g., a 1,000+ registration failures from the same ip is an > ‘attack’) and the ip’s to iptables, hosts.deny, etc. on the fly. That might > be another topic I guess? > > Use fail2ban. Also, read some of the security advisories from earlier this year about being sure to always use a FILTER statement whenever you're dialing using a variable (most notably ${EXTEN}). http://downloads.asterisk.org/pub/security/AST-2010-002.html
-- Thanks, --Warren Selby http://www.selbytech.com
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
