On Fri, 2009-01-09 at 16:49 +0000, Steve Howes wrote: > On 9 Jan 2009, at 16:36, Klaus Darilion wrote: > > Hi! > > > > I want to detect brute-force password hacking attacks - thus if there > > are too many failed login attempts for a SIP account I want to "lock" > > this account. > > > > Does somebody have any ideas how this could be implemented? > > Bad plan? Could quite easily turn into a DoS.
Could this be done at the IP tables level? Or maybe you could write a script that monitors the asterisk logs and detects failed login attempts then adds problematic IP address to hosts.deny. I know of several ssh blocking scripts that work this way. -- Matthew Nicholson Digium, Inc. | Software Developer _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
