Besides following security best practices (complex secrets, not allowing
unknown IPs, VPNs, etc.), there are a number of tools available which
look for this particular type of hack attempt.
Take a look at Fail2ban and the howto with Asterisk here:
http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
(although I had to modify their rules slightly).
Fail2ban can also look for other hack attempts in ssh, apache, ftp as well.
or
apf - http://rfxnetworks.com/apf.php
bfd - http://rfxnetworks.com/bfd.php
APF stands for Advanced Policy Firewall. This is used to control iptables
on the system to allow or disallow ports to be open. APF has additional
features that make it stand out above the rest. Reactive address blocking
(RAB), QoS (TOS), direct integration with BFD, many many more, see site
for full details.
BFD stands for Brute Force Detection. This is used to monitor any failed
logins and block IP addresses from getting in. This runs as a cron daemon
and works perfectly with APF.
The best security is security in depth, which means using multiple,
different methods of protecting an environment.
HTH
Martin
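
The failed-login monitoring described in the message above, as an added example that is not part of the original post and is not code from Fail2ban or BFD: a sliding-window counter over registration failures that reports which addresses a blocker would act on. The log layout, the sample lines and the names `find_offenders`, `max_retry` and `find_time` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation-range addresses). The layout is an
# assumption modelled on Asterisk chan_sip "Registration ... failed" notices.
SAMPLE_LOG = """\
[2024-01-10 03:00:00] NOTICE[2211] chan_sip.c: Registration from '<sip:100@192.0.2.10>' failed for '198.51.100.20' - Wrong password
[2024-01-10 03:14:01] NOTICE[2211] chan_sip.c: Registration from '<sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2024-01-10 03:14:03] NOTICE[2211] chan_sip.c: Registration from '<sip:101@192.0.2.10>' failed for '203.0.113.7:5060' - No matching peer found
[2024-01-10 03:14:06] NOTICE[2211] chan_sip.c: Registration from '"x' failed for '192.0.2.99' - Wrong password" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2024-01-10 03:20:00] NOTICE[2211] chan_sip.c: Registration from '<sip:100@192.0.2.10>' failed for '198.51.100.20' - Wrong password
[2024-01-10 03:40:00] NOTICE[2211] chan_sip.c: Registration from '<sip:100@192.0.2.10>' failed for '198.51.100.20' - Wrong password
""".splitlines()

# The From field is written by the remote client, so the pattern is anchored
# to the end of the line: only the address the server appended after the last
# "failed for" can match, never text embedded in the From value.
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] .*?"
    r"Registration from '.*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - [\w /]+$"
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: time the ip reached max_retry failures within find_time}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:  # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            offenders.setdefault(m["ip"], ts)
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{when} block candidate: {ip}")
```

The address with three failures inside ten minutes is reported, while the one whose failures are twenty minutes apart stays under the threshold.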