Well said. Whether sipx has the functionality to auto block an ip for a specified period or not depends on getting that functionality internally.
"If" the IP addresses are logged into a file, a remote firewall can potentially harvest them, and when/if sipx has these functionalities, it could also. It would be nice to have an alarm (that an admin can alter), but also have a log file(s) with the current banned IP addresses and an archive of the log file with the IP address and the failed attempts that are date/timestamped, probably comma delimited or XML so these can be parsed, reported and harvested for other security uses internally. It would also be nice to be able to specify these file locations on a remote server.

On Thu, Oct 13, 2011 at 8:58 AM, Gerald Drouillard <[email protected]> wrote:

> On 10/13/2011 8:22 AM, barisyanar wrote:
>
> > I have already defined an alarm for the VM login attempts with the existing
> > attempt limitation(3) in a session.
> > We may lock the account as in the issue description or block the IP
> > manually, but may be after a second attempt, i.e. assuming superadmin is
> > notified with the first.
> >
> > But I am not sure about the idea of a "fail2ban integration(?)" in the
> > concept of this issue. Are we talking here about shipping sipx with fail2ban
> > and editing its configuration files after these failed attempts in VM?
> > Shouldn't this be implemented under a more general issue that aims at
> > preventing call fraud etc.?
>
> There are a few things to consider in finding a solution that works for
> you:
>
> - Attacks can attempt logins on many accounts - locking that account
>   would lock out legitimate users
> - You may have more than one user coming from the same IP address
>   (branch office behind a firewall).
>
> The best solution is locking the account and IP address combo from the
> failed login attempt for a period of time. But that can only be done from
> within sipx and sipx does not have that functionality yet.
>
> Fail2ban, with modifications to the logging level of sipx, can lock out the
> IP address and send an admin email if you want. You can whitelist IPs if
> they are a branch office behind a firewall. The only thing that would make
> this more efficient is if sipx naturally logged auth/security info into a
> separate log file.
>
> This is nothing new in the world of server security. You just have to look at
> the many techniques used with locking down ssh servers for proven solutions.
>
> --
> Regards
> --------------------------------------
> Gerald Drouillard
> Technology Architect
> Drouillard & Associates, Inc.
> http://www.Drouillard.biz
>
> _______________________________________________
> sipx-users mailing list
> [email protected]
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
sip: [email protected]
Fax: 434.465.6833
Email: [email protected]

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: [email protected]

Helpdesk Contract Customers: http://support.myitdepartment.net
Blog: http://blog.myitdepartment.net
Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4

Ask about our Internet Fax services!
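An added illustration of the approach discussed in this thread (not sipx or fail2ban code, and not written by any of the posters): it reads a comma-delimited, timestamped failed-login log and bans the account and IP address combination for a period, skipping whitelisted addresses. The log layout, thresholds, function name and addresses are assumptions constructed for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILURES = 3                     # assumed threshold
FIND_WINDOW = timedelta(minutes=10)  # failures must fall inside this window
BAN_TIME = timedelta(minutes=30)     # assumed ban duration
WHITELIST = {"203.0.113.10"}         # constructed: branch office behind a firewall

# Constructed sample log, fields: timestamp,account,source_ip
# (hypothetical layout, not a real sipx log format)
SAMPLE_LOG = """\
2011-10-13T08:00:01,200,198.51.100.7
2011-10-13T08:00:05,201,198.51.100.7
2011-10-13T08:00:09,200,198.51.100.7
2011-10-13T08:00:12,200,198.51.100.7
2011-10-13T08:01:00,305,203.0.113.10
2011-10-13T08:01:02,305,203.0.113.10
2011-10-13T08:01:04,305,203.0.113.10
2011-10-13T08:20:00,200,192.0.2.44
"""

def compute_bans(log_text, now):
    """Return {(account, ip): ban_expiry} for bans still active at `now`."""
    recent = defaultdict(list)  # (account, ip) -> failure times inside the window
    bans = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        try:
            ts = datetime.fromisoformat(row[0])
        except ValueError:
            continue  # skip unparsable timestamps
        account, ip = row[1], row[2]
        if ip in WHITELIST:
            continue  # many legitimate users may share this address
        key = (account, ip)
        if key in bans and ts < bans[key]:
            continue  # combination is already banned at this time
        recent[key] = [t for t in recent[key] if ts - t <= FIND_WINDOW] + [ts]
        if len(recent[key]) >= MAX_FAILURES:
            bans[key] = ts + BAN_TIME
            recent[key] = []
    return {k: exp for k, exp in bans.items() if exp > now}

if __name__ == "__main__":
    for (acct, ip), exp in compute_bans(SAMPLE_LOG, datetime(2011, 10, 13, 8, 15)).items():
        print(f"{acct},{ip},banned_until={exp.isoformat()}")
```

Because the key is the (account, IP) pair, account 200 stays reachable from other addresses and other accounts stay reachable from 198.51.100.7.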
