Hi Gilles, Just to provide an alternative to sshguard: you could use BFD[1] (based on bash scripts) and configure it to use iptables to block the attacker host. The default configuration is to check the logs at each 3 minutes (using a crontab entry).
BFD rules for Asterisk could be found here [2] - tested on Asterisk 1.4 Our BAN command looks like: "(/sbin/iptables -n -L | grep DROP | grep $ATTACK_HOST) || /sbin/ipttables -I INPUT -s $ATTACK_HOST -j DROP" HTH, Ioan [1] http://www.rfxn.com/projects/brute-force-detection/ [2] http://www.modulo.ro/Modulo/downloads/tools/tenora.bfd.tar.gz On Wed, Mar 30, 2011 at 12:51 AM, Gilles <codecompl...@free.fr> wrote: > On Tue, 29 Mar 2011 23:09:06 +0200, ad...@3a.hu wrote: >>On 03-29-2011 19:25, Steve Edwards wrote: >>> Really? How many callers are you expecting from North Korea, Libya, China, >>> Iran, etc? >>after reviewing last week's log i'd say around 25-28k/min :) > > So it looks like I should check out sshguard instead of relying on > blocks of IP's :-) > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users