From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Warren Selby Sent: Thursday, March 31, 2011 10:14 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] asterisk and fail2ban
On Thu, Mar 31, 2011 at 7:17 AM, vip killa <vipki...@gmail.com> wrote: Back to the original question, for those of you using Fail2Ban, Does it take an unusually high amount of break-in attempts before attackers are banned? I have it set to 5 attempts in fail2ban but usually, the attacker is able to make over 100 attempts before fail2ban bans them. I've tried this using asterisk's /var/log/asterisk/messages and /var/log/messages with same results. Perhaps someone else is experiencing this or has resolved it, thank you. Check your log files. With the current generation of SIP attack scripts, I've seen hundreds of attacks come in within one second, especially if you've got decent bandwidth. I've seen fail2ban logs that state between 60-250 failed attempts for asterisk. I think it's just the nature of the speed of the attacks. -- Thanks, --Warren Selby, dCAP http://www.selbytech.com Which is a good reason to use manual, mass IPTables entries for "the rest of the world" and fail2ban generated entries for creeps in your neighborhood/country. CF
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
