>Michael Keuter wrote:
>>> Dan Ryson wrote:
>>>> All,
>>>>
>>>> It appears we're getting pounded by a kiddy script that's trying to
>>>> guess passwords. It's generating ~1,350 password guesses and log
>>>> entries per minute (see example below). Although I have strong
>>>> passwords, I'd like to block this effort by blocking this IP address.
>>>>
>>>> What's the preferred way to block a dictionary attack in AstLinux? I'm
>>>> presently using astlinux-0.6.4 on an x386 - with an external, hardware
>>>> firewall. I'd prefer to not use IP Tables because I suspect any entries
>>>> would be deleted whenever I upgrade versions.
>>>>
>>>> ~ Dan
>>>>
>>>> Registration from '"317" <sip:3...@72.93.15.14>' failed for
>>>> '85.214.69.155' - Wrong password
>>>>
>>> Actually, they wouldn't.
>>>
>>> Look at using /etc/arno-iptables-firewall/blocked-hosts
>>>
>>> 85.214.69.155/32
>>>
>>> is all you need in there.
>>>
>>> -Philip
>>
>> A problem in Astlinux is that before you can add an attacker to the
>> blocklist (when you see the attacks in realtime), the "/var/"
>> partition will be full within 2-3 minutes just because of the growing
>> syslog :-(. And from that point in time you do not have any logs at
>> all. Is there a way that the rotated log can automatically be zipped?
>
>You can set Arno's firewall not to log blocked attacks. That is an option.
>
>--
>Darrick Hartman

Hi Darrick,

I know that, but when the attack starts (and you don't see the attack live) you don't know the attacker IP-address. Then the log messages are coming from Asterisk. And within 2-3 minutes /var/ is full by the log messages of Asterisk (not by the firewall).

Michael

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
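
Added example (not part of the original thread and not AstLinux's own code): a shell function that counts failed registrations per source address in Asterisk log lines of the form Dan posted and prints the repeat offenders as /32 entries, the form Philip gives for blocked-hosts. The function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads Asterisk log lines on stdin and
# prints each source address with at least THRESHOLD failed registrations
# as a /32 entry, one per line (the form shown for blocked-hosts).
# Usage: find_offenders THRESHOLD < logfile
find_offenders() {
    awk -v min="$1" -v q="'" '
        /Registration from .* failed for / {
            s = $0
            # The From value is written by the remote side and can itself
            # contain the words "failed for", so cut at the LAST occurrence
            # (sub is greedy) and keep what precedes the next quote.
            sub(".*failed for " q, "", s)
            sub(q ".*", "", s)
            # Assumption: some Asterisk versions log address:port here.
            sub(/:[0-9]+$/, "", s)
            # Count only dotted-quad IPv4; anything else is ignored so that
            # log content can never end up in the firewall file.
            if (s ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[s]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip "/32" }
    ' | sort
}

# Constructed sample log (documentation addresses, invented extensions).
sample_log() {
    cat <<'EOF'
[Oct  5 12:00:01] NOTICE[1234] chan_sip.c: Registration from '"317" <sip:317@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Oct  5 12:00:01] NOTICE[1234] chan_sip.c: Registration from '"318" <sip:318@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Oct  5 12:00:02] NOTICE[1234] chan_sip.c: Registration from '"319" <sip:319@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Oct  5 12:00:02] NOTICE[1234] chan_sip.c: Registration from '"x' failed for '203.0.113.9" <sip:320@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Oct  5 12:03:40] NOTICE[1234] chan_sip.c: Registration from '"201" <sip:201@192.0.2.10>' failed for '203.0.113.9' - Wrong password
[Oct  5 12:03:55] VERBOSE[1234] logger.c: -- Registered SIP '201' at 203.0.113.9 port 5060
EOF
}

# With a threshold of 3 only the address with repeated failures is listed.
sample_log | find_offenders 3
```

On a running system the input would be the Asterisk log file and the reviewed output would be added to /etc/arno-iptables-firewall/blocked-hosts; the log file location depends on the installation.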