> Use fail2ban. Also, read some of the security advisories from earlier
this year about being sure to always use a FILTER statement whenever you're
dialing using > a variable (most notably ${EXTEN}).
http://downloads.asterisk.org/pub/security/AST-2010-002.html
Thanks Warren!!
From: [email protected]
[mailto:[email protected]] On Behalf Of Warren Selby
Sent: Saturday, August 07, 2010 1:35 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Security - What inbound variables can
attackers populate or use when calling?
On Fri, Aug 6, 2010 at 10:53 PM, <[email protected]> wrote:
Someone from Amsterdam was trying to register yesterday using an automated
program which tried roughly 1,000 or so username password combinations
before I shut asterisk down and added his/her ip to iptables to drop it. I
wonder if I can configure the system to automatically detect such an attack
in progress (e.g., a 1,000+ registration failures from the same ip is an
'attack') and the ip's to iptables, hosts.deny, etc. on the fly. That might
be another topic I guess?
Use fail2ban. Also, read some of the security advisories from earlier this
year about being sure to always use a FILTER statement whenever you're
dialing using a variable (most notably ${EXTEN}).
http://downloads.asterisk.org/pub/security/AST-2010-002.html
--
Thanks,
--Warren Selby
http://www.selbytech.com
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
