On 10/13/2011 8:22 AM, barisyanar wrote:
> I have already defined an alarm for the VM login attempts with the
> existing attempt limitation (3) in a session.
> We may lock the account as in the issue description or block the IP
> manually, but maybe after a second attempt, i.e. assuming superadmin
> is notified with the first.
> But I am not sure about the idea of a "fail2ban integration(?)" in the
> concept of this issue. Are we talking here about shipping sipx with
> fail2ban and editing its configuration files after these failed
> attempts in VM? Shouldn't this be implemented under a more general
> issue that aims at preventing call fraud etc.?

There are a few things to consider in finding a solution that works for you:
* Attacks can attempt logins on many accounts - locking that account
would lock out legitimate users
* You may have more than one user coming from the same IP address
(branch office behind a firewall).
The best solution is locking the account and IP address combo from the
failed login attempt for a period of time. But that can only be done
from within sipx and sipx does not have that functionality yet.
Fail2ban, with modifications to the logging level of sipx, can lock out
the IP address and send an admin email if you want. You can whitelist
IPs if they are a branch office behind a firewall. The only thing that
would make this more efficient is if sipx naturally logged auth/security
info into a separate log file.
This is nothing new in the world of server security. You just have to look
at the many techniques used with locking down ssh servers for proven
solutions.
--
Regards
--------------------------------------
Gerald Drouillard
Technology Architect
Drouillard & Associates, Inc.
http://www.Drouillard.biz
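
The account-plus-IP lockout described in the reply above, as an added example that is not part of the original message and is not sipx or fail2ban code. The class and function names, the 300 s window, the 900 s lock time, the extension numbers and the addresses are assumptions made for illustration; only the limit of 3 attempts comes from the thread.

```python
from collections import defaultdict, deque

class ComboLockout:
    """Lock the (account, source IP) pair rather than the account or IP alone."""
    def __init__(self, max_failures=3, window=300, lock_time=900):
        self.max_failures = max_failures      # attempt limit from the thread (3)
        self.window = window                  # seconds in which failures count (assumed)
        self.lock_time = lock_time            # seconds the pair stays locked (assumed)
        self.failures = defaultdict(deque)    # (account, ip) -> failure timestamps
        self.locked_until = {}                # (account, ip) -> unlock timestamp

    def is_locked(self, account, ip, now):
        return self.locked_until.get((account, ip), 0) > now

    def record_failure(self, account, ip, now):
        """Count a failed login; return True if it locks the pair."""
        q = self.failures[(account, ip)]
        q.append(now)
        while q and q[0] <= now - self.window:   # drop failures outside the window
            q.popleft()
        if len(q) < self.max_failures:
            return False
        self.locked_until[(account, ip)] = now + self.lock_time
        q.clear()
        return True

# Constructed sample events: (timestamp, account, source IP, correct PIN?)
EVENTS = [
    (0, "200", "203.0.113.9", False),
    (10, "200", "203.0.113.9", False),
    (20, "200", "203.0.113.9", False),   # third failure locks this pair
    (30, "200", "203.0.113.9", True),    # locked pair: rejected even with the right PIN
    (40, "200", "198.51.100.4", True),   # account owner from another address
    (50, "201", "203.0.113.9", True),    # other user behind the same address
    (930, "200", "203.0.113.9", True),   # lock expired after 900 s
]

def replay(events, guard):
    """Return the outcome of each event in order."""
    out = []
    for ts, account, ip, ok in events:
        if guard.is_locked(account, ip, ts):
            out.append("rejected")
        elif ok:
            guard.failures.pop((account, ip), None)   # success resets the counter
            out.append("allowed")
        else:
            out.append("locked" if guard.record_failure(account, ip, ts) else "failed")
    return out
```

Failures spread one or two per account from a single address never reach the per-pair limit, so an IP-level ban such as the fail2ban setup mentioned in the reply still has a role alongside this.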