-----Original Message----- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of JR Richardson Sent: Thursday, March 31, 2011 10:43 AM To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] asterisk and fail2ban
> From: vip killa > Sent: Thu 3/31/2011 8:17 AM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [asterisk-users] asterisk and fail2ban > > > Back to the original question, for those of you using Fail2Ban, > Does it take an unusually high amount of break-in attempts before attackers are banned? > I have it set to 5 attempts in fail2ban but usually, the attacker is able to make over 100 attempts before fail2ban bans them. > I've tried this using asterisk's /var/log/asterisk/messages and /var/log/messages with same results. > Perhaps someone else is experiencing this or has resolved it, thank you. > I have F2B set to ban after 1 attempt. The most I have seen in the logs is 4-5 attemps before ban is applied. I am calling scripts that apply the ban to a cisco access-list, so there is script/telnet/config delay but it is very minimal and works very well. JR Speaking blindly as someone who has yet to fool with F2B, I'd rather ban somebody after 5-20 attempts than have the overhead needed to ban them quicker. Guess that's a naïve view?? -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users