None of this surprises me somehow.
Peter MacFarlane wrote:
You should really have a firewall that filters out most of these going
to the Internet. As a general rule, only open to the outside what is
required for access. That is the best default for security. There is an
application or option you can add to your Linux server that cuts off ssh
login attempts from an IP after so many attempts. I don't know what it
is at the moment but I saw it used. Works well.
I use OpenBSD and the pf firewall allows traffic to be directed to
specific servers. Hopefully the cracker robots can be cut off there as
well. I'll have to check that out. Strong passwords are one of your
best assets. I hear that OpenBSD runs Asterisk well also, if you don't
need card drivers. That might be a nice two-in-one box.
Yes, pf has an option
    max-src-conn-rate <number> / <seconds>
        Limit the rate of new connections over a time interval. The
        connection rate is an approximation calculated as a moving average.
See Peter Hansteen's excellent pf tutorial. Start at the page
http://www.bgnett.no/~peter/pf/en/bruteforce.html
for details on this option in particular, or go to that directory and
read the whole thing.
And yes, I run my "production" (but low volume) Asterisk server on
OpenBSD, using hard phones, the odd ATA, and DID service from Unlimitel.
Ian
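
The option discussed above, shown in a small pf.conf ruleset as an added example that is not part of the original messages. It goes one step beyond the rate limit by pairing it with an overload table, so that a source exceeding the limit is blocked outright. The interface name, table name and thresholds are assumptions to adjust for your own site.

```pf
# Added example, not from the thread. Interface name, table name and
# thresholds below are assumptions.
ext_if = "em0"

# Holds source addresses that exceeded the SSH limits below.
table <bruteforce> persist

set skip on lo

# Default deny inbound: only open to the outside what is required.
block in log on $ext_if all

# Drop known offenders first; "quick" stops rule evaluation here.
block in quick on $ext_if from <bruteforce>

# SSH is allowed, with per-source tracking:
#   max-src-conn 10         at most 10 simultaneous connections per source
#   max-src-conn-rate 5/30  at most 5 new connections per 30 seconds per source
#   overload <bruteforce>   a source exceeding either limit is added to the table
#   flush global            all existing states from that source are killed
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)

# Outbound traffic from this host.
pass out on $ext_if all keep state
```

Addresses stay in the table until removed: `pfctl -t bruteforce -T show` lists them, and `pfctl -t bruteforce -T expire 86400` (run from cron, for example) drops entries older than a day. Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it.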