Yes, I see in the log that most of these attacks only last 2 seconds before fail2ban bans them.

On Thu, Mar 31, 2011 at 11:13 AM, Warren Selby <[email protected]> wrote:

> On Thu, Mar 31, 2011 at 7:17 AM, vip killa <[email protected]> wrote:
>
>> Back to the original question, for those of you using Fail2Ban,
>> Does it take an unusually high amount of break-in attempts before
>> attackers are banned?
>> I have it set to 5 attempts in fail2ban but usually, the attacker is able
>> to make over 100 attempts before fail2ban bans them.
>> I've tried this using asterisk's /var/log/asterisk/messages and
>> /var/log/messages with same results.
>> Perhaps someone else is experiencing this or has resolved it, thank you.
>>
>>
> Check your log files. With the current generation of SIP attack scripts,
> I've seen hundreds of attacks come in within one second, especially if
> you've got decent bandwidth. I've seen fail2ban logs that state between
> 60-250 failed attempts for asterisk. I think it's just the nature of the
> speed of the attacks.
>
> --
> Thanks,
> --Warren Selby, dCAP
> http://www.selbytech.com
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
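
Added example, not part of the original thread and not fail2ban's own code: a simplified model of the effect discussed above, counting how many failed registrations are logged between the maxretry-th failure and the moment a ban actually takes effect. The log lines are constructed, the function names are hypothetical, and the `reaction` delay and the timestamp format (logger.conf `dateformat=%F %T`) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# chan_sip failed-registration line; timestamp format ASSUMES dateformat=%F %T
FAIL_RE = re.compile(
    r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - ")

def attempts_before_ban(lines, maxretry=5, findtime=600, reaction=2.0):
    """Per source IP: failures logged before a ban would take effect.

    reaction is an ASSUMED delay (seconds) between the maxretry-th failure
    being logged and the firewall rule actually dropping packets.
    """
    window = defaultdict(deque)   # ip -> recent failure times within findtime
    ban_at = {}                   # ip -> time the ban becomes effective
    seen = defaultdict(int)       # ip -> failures logged before ban_at
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if ip in ban_at:
            if ts < ban_at[ip]:
                seen[ip] += 1     # still getting through while ban is pending
            continue
        q = window[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()
        seen[ip] += 1
        if len(q) >= maxretry:
            ban_at[ip] = ts + timedelta(seconds=reaction)
    return {ip: seen[ip] for ip in ban_at}

def sample_log():
    """Constructed log: one source at 50 failures/second for 3 s, one user typo."""
    fmt = ("[2011-03-31 11:13:{:02d}] NOTICE[2301] chan_sip.c: Registration from "
           "'\"{}\" <sip:{}@192.0.2.10>' failed for '{}' - Wrong password")
    lines = [fmt.format(sec, ext, ext, "203.0.113.5")
             for sec in (1, 2, 3) for ext in range(100, 150)]
    lines += [fmt.format(4, 201, 201, "198.51.100.7")] * 2
    return lines

if __name__ == "__main__":
    for ip, n in attempts_before_ban(sample_log()).items():
        print(f"{ip}: {n} failed attempts logged before the ban took effect")
```

With maxretry at 5 and a 2-second reaction delay, the constructed 50-per-second source logs 100 failures before the ban lands; the source with two mistyped passwords is never banned.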
