I've noticed from time to time, that fail2ban just craps out, so, this might be of interest to the community assuming you use 192.168.100.0/24 on your network
iptables -A INPUT -s 192.168.100.0/24 -j ACCEPT iptables -A INPUT -s carrierip.x.x.x -j ACCEPT iptables -A INPUT -s 127.0.0.1 -j ACCEPT iptables -A INPUT -p udp -m udp -s carrierip.x.x.x --destination-port 5060 -j ACCEPT iptables -A INPUT -p udp -m udp -s carrierip.x.x.x --destination-port 10000:20000 -j ACCEPT iptables -A INPUT -p udp -m udp --destination-port 5060 -j DROP iptables -A INPUT -p udp -m udp --destination-port 10000:20000 -j DROP iptables -A INPUT -p udp -m udp --destination-port 4000:4999 -j DROP iptables -A INPUT -p udp -m udp --destination-port 4569 -j DROP iptables -A INPUT -p tcp -m tcp --destination-port 5038 -j DROP iptables -A INPUT -p tcp -m tcp --destination-port 22 -j DROP iptables -A INPUT -p udp -m udp --destination-port 22 -j DROP iptables -A OUTPUT -o eth0 -p all -j ACCEPT iptables -A OUTPUT -o eth1 -p all -j ACCEPT iptables -A INPUT -i eth0 -p all -j ACCEPT iptables -A INPUT -i eth1 -p all -j ACCEPT iptables -P INPUT DROP 2010/7/2 Jonathan González <jonathan....@gmail.com> > Same activity from these IPs: > 174.129.137.135 > 89.35.123.12 > 209.20.66.234 > 184.73.30.42 > 184.73.44.61 > 87.106.187.137 > 194.44.244.187 > 203.55.198.100 > 209.76.47.11 > 94.74.229.229 > 93.184.79.59 > 209.62.53.242 > > > > > On Thu, Jul 1, 2010 at 10:56 PM, Jamie A. Stapleton < > jstaple...@computer-business.com> wrote: > >> The IP 69.175.35.186 has just been banned by Fail2Ban after 293 attempts >> against our server. >> >> >> >> >> >> *From:* asterisk-users-boun...@lists.digium.com [mailto: >> asterisk-users-boun...@lists.digium.com] *On Behalf Of *John Timms >> *Sent:* Thursday, July 01, 2010 11:32 AM >> *To:* Asterisk Users Mailing List - Non-Commercial Discussion >> *Subject:* Re: [asterisk-users] Brute force attacks >> >> >> >> On Thu, Jul 1, 2010 at 9:16 AM, Ishfaq Malik <i...@pack-net.co.uk> wrote: >> >> Hi >> >> We've just noticed attempts (close to 200000 attempts, sequential peer >> numbers) at guessing peers on 2 of out servers and thought I'd share the >> originating IPs with the list in case anyone wants to firewall them as we >> have done >> >> 109.170.106.59 >> 112.142.55.18 >> 124.157.161.67 >> >> Ish >> >> -- >> Ishfaq Malik >> Software Developer >> PackNet Ltd >> >> Office: 0161 660 3062 >> >> >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> New to Asterisk? Join us for a live introductory webinar every Thurs: >> http://www.asterisk.org/hello >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users >> >> >> >> >> >> We have noticed the same sort of activity on our server. >> The originating IP addresses attempting access were: >> >> >> >> 204.9.204.145 (hosted at U.S. Colo, I believe) >> >> 91.203.132.149 (Nephax) >> >> 130.70.157.186 (University of Louisiana) >> >> 61.160.121.46 (Chinanet) >> >> 109.170.0.10 (ReasonUP Ltd) >> >> >> >> -- >> John Timms >> IT Department - Gnoso Inc. >> j...@gnoso.com >> -- >> >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> New to Asterisk? Join us for a live introductory webinar every Thurs: >> http://www.asterisk.org/hello >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users >> > > > > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- Matthew Desbiens //* EOF *//
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users