On 27 Jul 2011, at 17:11, CDR wrote: > This is turning into a political issue such as the one in Washington > and the impending default on US debt.
No, YOU are turning this into a political discussion. > The point is that a minor change > in the code would have a dramatic effect on security, and carry a > lower impact on CPU that using Iptables. The simplicity of the change > cannot understated. The hackers do not continue sending packets with > new REGISTER attempts unless they see a response. The would move on. Much as they do after you firewall them out. Have you ever tried? No? Too busy blaming others is suspect. > Digium is being monarchical about this. Why do you keep blaming Digium? Asterisk is made by a community. > It looks like a loss of contact with reality. Couldn't agree more. > The vast ecosystem of Digium is made of hundreds > of people like me. I am being forced now to place Opensips in front of > Asterisk, in port 5060, set Asterisk to listen at Port 5061, and block > access to 5061 from outside. Instead of a minor change, I have to > bring a second application to the picture. There, problem solved. > The reason why I find useless using iptables and a rule that bans an > IP address if it communicates more than a threshold of times, is > simple. I have customers that hit me 10+ times per seconds from the > same IP. It would look like a hacker, and it is not. Which is why you don't use packet count, you look in the logs for auth failures. > I use a cluster of Asterisk in the same box, a big server, and each asterisks > listens > in its own network interface, and responds from it. It does work. But > iptables or fail2ban would not work in a wholesale scenario. > Any way, thanks for your attention. Sure it would. If they're hacking one, you can block them from the lot.. I see no problem. Just make it look at all of the logs. S -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
