On Wed, 30 Mar 2011, Terry Brummell wrote:
Yah, sounds simple, how do you set it up to do this? Fail2Ban was
pretty easy, if it's that easy, why was F2B even created?
It's easy for me because I read and understand how things work, and deal
with Linux firewalling on a daily basis. Fail2ban is
Back to the original question, for those of you using Fail2Ban,
Does it take an unusually high amount of break-in attempts before attackers
are banned?
I have it set to 5 attempts in fail2ban but usually, the attacker is able to
make over 100 attempts before fail2ban bans them.
I've tried this
killa
Sent: Thu 3/31/2011 8:17 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk and fail2ban
Back to the original question, for those of you using Fail2Ban,
Does it take an unusually high amount of break-in attempts before attackers are
banned?
I
I'm afraid you are incorrect, fail2ban reads the log once every second.
On Thu, Mar 31, 2011 at 8:52 AM, Terry Brummell te...@brummell.net wrote:
Your delay is due to the amount of time the F2B script takes to read the
log file, and due to how often it is called. I do not believe it is a
Yes, I see in the log that most of these attacks only last 2 seconds before
fail2ban bans them
On Thu, Mar 31, 2011 at 11:13 AM, Warren Selby wcse...@selbytech.com wrote:
On Thu, Mar 31, 2011 at 7:17 AM, vip killa vipki...@gmail.com wrote:
Back to the original question, for those of you using
From: vip killa
Sent: Thu 3/31/2011 8:17 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk and fail2ban
Back to the original question, for those of you using Fail2Ban,
Does it take an unusually high amount of break-in attempts before
-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of JR Richardson
Sent: Thursday, March 31, 2011 10:43 AM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] asterisk and fail2ban
From: vip killa
On Thu, Mar 31, 2011 at 10:42:52AM -0500, JR Richardson wrote:
I have F2B set to ban after 1 attempt. The most I have seen in the
logs is 4-5 attempts before ban is applied. I am calling scripts that
apply the ban to a cisco access-list, so there is script/telnet/config
delay but it is very
You are a bad person! ;-)
CF
-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Tzafrir Cohen
Sent: Thursday, March 31, 2011 10:53 AM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] asterisk
I have F2B set to ban after 1 attempt. The most I have seen in the
logs is 4-5 attempts before ban is applied. I am calling scripts that
apply the ban to a cisco access-list, so there is script/telnet/config
delay but it is very minimal and works very well.
So I forge one SIP packet and I
Gordon Henderson wrote:
On Wed, 30 Mar 2011, Terry Brummell wrote:
Yah, sounds simple, how do you set it up to do this? Fail2Ban was
pretty easy, if it's that easy, why was F2B even created?
It's easy for me because I read and understand how things work, and deal
with Linux firewalling on a
On Wed, 30 Mar 2011 01:45:20 +0300, Ioan Indreias indre...@gmail.com
wrote:
Just to provide an alternative to sshguard: you could use BFD[1]
Thanks Ioan. I'll give it a shot.
--
_
-- Bandwidth and Colocation Provided by
: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Gilles
Sent: 30 March 2011 10:08
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] asterisk and fail2ban
On Wed, 30 Mar 2011 01:45:20 +0300, Ioan Indreias indre...@gmail.com
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] asterisk and fail2ban
On Wed, 30 Mar 2011 01:45:20 +0300, Ioan Indreias indre...@gmail.com
wrote:
Just to provide an alternative to sshguard: you could use BFD[1]
Thanks Ioan. I'll give it a shot
I think you will find Fail2Ban the de facto standard.
From: vip killa
Sent: Wed 3/30/2011 8:38 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk and fail2ban
so does anyone use fail2ban w/ asterisk or most people use sshguard
On Wed, Mar 30, 2011 at 9:38 AM, vip killa vipki...@gmail.com wrote:
so does anyone use fail2ban w/ asterisk or most people use sshguard?
Vip, the overall message is that it takes layers of
settings/configurations to secure an installation.
Simple Guide
1. alwaysauthreject = yes in
On Wed, 30 Mar 2011, Terry Brummell wrote:
I think you will find Fail2Ban the de facto standard.
I don't use fail2ban. Never have, never will because I simply don't need
it.
Standard iptables are good enough if you can be bothered to use them to
their full abilities. No need for anything
could you please elaborate on how you have iptables setup to work that way?
On Wed, Mar 30, 2011 at 4:11 PM, Gordon Henderson
gordon+aster...@drogon.net wrote:
On Wed, 30 Mar 2011, Terry Brummell wrote:
I think you will find Fail2Ban the de facto standard.
I don't use fail2ban. Never have,
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of vip killa
Sent: Wednesday, March 30, 2011 4:25 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk and fail2ban
could you please
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Terry Brummell
Sent: Wednesday, March 30, 2011 3:33 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk and fail2ban
From: asterisk
On Wed, Mar 30, 2011 at 03:36:10PM -0500, Danny Nicholas wrote:
I don't use F2B either, but from what I understand, it is a packaged
iptables automation. If you are a unix/linux guru or have a small amount of
traffic, I can see where manual iptables maintenance would be fine; F2B
would be
On 03/29/2011 07:16 AM, Gilles wrote:
On Mon, 28 Mar 2011 08:20:23 -0400, vip killa vipki...@gmail.com
wrote:
Is anyone using asterisk with fail2ban?
Sorry for hi-jacking the thread, but I was wondering if there were a
lighter alternative that I could run on appliances?
Python uses too much
Look into the ipt_recent / xt_recent module. It's probably what he is using.
On Wed, Mar 30, 2011 at 4:25 PM, vip killa vipki...@gmail.com wrote:
could you please elaborate on how you have iptables setup to work that way?
On Wed, Mar 30, 2011 at 4:11 PM, Gordon Henderson
On Wed, 30 Mar 2011 16:54:51 -0500, Darrick Hartman
dhart...@djhsolutions.com wrote:
One of our developers on the AstLinux team worked out a plugin for
Arno's firewall (iptables based) which performs similarly to fail2ban, but
uses bash. He called it adaptive-ban. You might be able to adapt it
On Mon, 28 Mar 2011 08:20:23 -0400, vip killa vipki...@gmail.com
wrote:
Is anyone using asterisk with fail2ban?
Sorry for hi-jacking the thread, but I was wondering if there were a
lighter alternative that I could run on appliances?
Python uses too much RAM, but I need to find a way to ban
On Mon, 28 Mar 2011 08:20:23 -0400, vip killa vipki...@gmail.com
wrote:
Is anyone using asterisk with fail2ban?
Sorry for hi-jacking the thread, but I was wondering if there were a
lighter alternative that I could run on appliances?
Python uses too much RAM, but I need to find a way to
On Tue, 29 Mar 2011 07:31:18 -0500 (CDT), Joe Greco
jgr...@ns.sol.net wrote:
sshguard is *extremely* lightweight compared to most things; it's a very
efficient compiled C application that doesn't have (m?)any dependencies.
Thanks much for the tip. I'll study how to install/configure iptable
and
On 3/29/2011 7:16 AM, Gilles wrote:
On Mon, 28 Mar 2011 08:20:23 -0400, vip killa vipki...@gmail.com
wrote:
Is anyone using asterisk with fail2ban?
Sorry for hi-jacking the thread, but I was wondering if there were a
lighter alternative that I could run on appliances?
Python uses too much
On Tue, 29 Mar 2011 12:10:59 -0500, Sherwood McGowan
sherwood.mcgo...@gmail.com wrote:
First thing I'd do is restrict the ip blocks your sip endpoints can
register/call from in sip.conf (or your database's table for sip endpoints)
Thanks for the idea, but it's not possible, as the Asterisk must
On Tue, 29 Mar 2011 12:10:59 -0500, Sherwood McGowan
First thing I'd do is restrict the ip blocks your sip endpoints can
register/call from in sip.conf (or your database's table for sip
endpoints)
On Tue, 29 Mar 2011, Gilles wrote:
Thanks for the idea, but it's not possible, as the
On 3/29/2011 12:25 PM, Steve Edwards wrote:
On Tue, 29 Mar 2011 12:10:59 -0500, Sherwood McGowan
First thing I'd do is restrict the ip blocks your sip endpoints can
register/call from in sip.conf (or your database's table for sip
endpoints)
On Tue, 29 Mar 2011, Gilles wrote:
Thanks for
On Tue, 29 Mar 2011 12:34:04 -0500, Sherwood McGowan
sherwood.mcgo...@gmail.com wrote:
Remember guys, there's a LOT of IP blocks out there that are almost
definitely not going to be somewhere you expect to receive SIP traffic
from.
I agree. Is there a list I could use to check which blocks have
On Tue, Mar 29, 2011 at 2:34 PM, Sherwood McGowan
sherwood.mcgo...@gmail.com wrote:
On 3/29/2011 12:25 PM, Steve Edwards wrote:
On Tue, 29 Mar 2011 12:10:59 -0500, Sherwood McGowan
First thing I'd do is restrict the ip blocks your sip endpoints can
register/call from in sip.conf (or your
On 3/29/2011 12:42 PM, Gilles wrote:
On Tue, 29 Mar 2011 12:34:04 -0500, Sherwood McGowan
sherwood.mcgo...@gmail.com wrote:
Remember guys, there's a LOT of IP blocks out there that are almost
definitely not going to be somewhere you expect to receive SIP traffic
from.
I agree. Is there a
On Tue, 29 Mar 2011 12:34:04 -0500, Sherwood McGowan
sherwood.mcgo...@gmail.com wrote:
Remember guys, there's a LOT of IP blocks out there that are almost
definitely not going to be somewhere you expect to receive SIP traffic
from.
On Tue, 29 Mar 2011, Gilles wrote:
I agree. Is there a list
Le 29/03/2011 19:34, Sherwood McGowan a écrit :
On 3/29/2011 12:25 PM, Steve Edwards wrote:
On Tue, 29 Mar 2011 12:10:59 -0500, Sherwood McGowan
First thing I'd do is restrict the ip blocks your sip endpoints can
register/call from in sip.conf (or your database's table for sip
endpoints)
On
, 2011 3:21 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] asterisk and fail2ban
Le 29/03/2011 19:34, Sherwood McGowan a écrit :
On 3/29/2011 12:25 PM, Steve Edwards wrote:
On Tue, 29 Mar 2011 12:10:59 -0500, Sherwood McGowan
First thing I'd do is restrict the ip blocks your
On Tue, Mar 29, 2011 at 3:57 PM, Cary Fitch ca...@usawide.net wrote:
Obviously, the other side of the world wants connections to your side, no
matter what side you are on.
:-)
Cary
Exactly
On 03-29-2011 19:25, Steve Edwards wrote:
Really? How many callers are you expecting from North Korea, Libya, China,
Iran, etc?
After reviewing last week's log I'd say around 25-28k/min :)
On Tue, 29 Mar 2011 23:09:06 +0200, ad...@3a.hu wrote:
On 03-29-2011 19:25, Steve Edwards wrote:
Really? How many callers are you expecting from North Korea, Libya, China,
Iran, etc?
After reviewing last week's log I'd say around 25-28k/min :)
So it looks like I should check out sshguard
On 03-29-2011 19:25, Steve Edwards wrote:
Really? How many callers are you expecting from North Korea, Libya,
China, Iran, etc?
On Tue, 29 Mar 2011 23:09:06 +0200, ad...@3a.hu wrote:
After reviewing last week's log I'd say around 25-28k/min :)
On Tue, 29 Mar 2011, Gilles wrote:
So it
Hi Gilles,
Just to provide an alternative to sshguard: you could use BFD[1]
(based on bash scripts) and configure it to use iptables to block the
attacker host.
The default configuration is to check the logs every 3 minutes
(using a crontab entry).
BFD rules for Asterisk could be found here
On Mon, Mar 28, 2011 at 9:20 AM, vip killa vipki...@gmail.com wrote:
Is anyone using asterisk with fail2ban? I have it working except it takes
way more break-in attempts than what is set in maxretry in jail.conf
For example, I get an email saying:
The IP 199.204.45.19 has just been banned by
Yes I followed directions on that page
Running Asterisk 1.6.1.22, anybody else experiencing this?
On Mon, Mar 28, 2011 at 8:32 AM, Andrew Latham lath...@gmail.com wrote:
On Mon, Mar 28, 2011 at 9:20 AM, vip killa vipki...@gmail.com wrote:
Is anyone using asterisk with fail2ban? I have it
On 28 Mar 2011, at 14:19, vip killa wrote:
Yes I followed directions on that page
Running Asterisk 1.6.1.22, anybody else experiencing this?
How often does fail2ban check the logs? It can only block that often, so if
more attempts happen in that time period it can't do anything until it knows.
fail2ban checks the logs every second. Does asterisk buffer log output?
On Mon, Mar 28, 2011 at 9:27 AM, Steven Howes steve-li...@geekinter.net wrote:
On 28 Mar 2011, at 14:19, vip killa wrote:
Yes I followed directions on that page
Running Asterisk 1.6.1.22, anybody else experiencing this?