Check out this howto: http://engineertim.com/?p=16
Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 ----- "Michiel van Baak" <mich...@vanbaak.info> wrote: > On 11:04, Fri 09 Jan 09, Matthew Nicholson wrote: > > On Fri, 2009-01-09 at 16:49 +0000, Steve Howes wrote: > > > On 9 Jan 2009, at 16:36, Klaus Darilion wrote: > > > > Hi! > > > > > > > > I want to detect brute-force password hacking attacks - thus if > there > > > > are too many failed login attempts for a SIP account I want to > "lock" > > > > this account. > > > > > > > > Does somebody have any ideas how this could be implemented? > > > > > > Bad plan? Could quite easily turn into a DoS. > > > > Could this be done at the IP tables level? Or maybe you could write > a > > script that monitors the asterisk logs and detects failed login > attempts > > then adds problematic IP address to hosts.deny. I know of several > ssh > > blocking scripts that work this way. > > I think fail2ban can do this. > It has a configuration file where you can list your logs and regexp > matches in this logfile. > > I use fail2ban on linux to detect those types of attacks on my ftp, > imap, pop3, smtp+sasl, ssh etc etc > > It can take action by blocking the ip for a specified period. > The block can be configured. iptables, hosts.deny, pf, ipfw, > custom-script-to-send-block-rule-to-cisco-pix,whatever. > > http://www.fail2ban.org/wiki/index.php/Main_Page > > > > > -- > > Matthew Nicholson > > Digium, Inc. | Software Developer > > > > > > _______________________________________________ > > -- Bandwidth and Colocation Provided by http://www.api-digital.com > -- > > > > asterisk-users mailing list > > To UNSUBSCRIBE or update options visit: > > http://lists.digium.com/mailman/listinfo/asterisk-users > > -- > > Michiel van Baak > mich...@vanbaak.eu > http://michiel.vanbaak.eu > GnuPG key: > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD > > "Why is it drug addicts and computer aficionados are both called > users?" > > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users