Diff from version 88 to 90 (current)
| @@ -333,6 +333,6 @@ |
| * For those who may want a bit of additional security, this thread on [http://pbxinaflash.com/forum/showthread.php?t=5018|iptables rate limiting] at the [http://pbxinaflash.com/forum/index.php|PBX in a Flash Forum] discusses a possible way to limit the number of attempts a bot can make at registering before fail2ban kicks in (e.g., if the bot is so fast it can make many attempts before fail2ban detects that many > 3). | | * You may also want to consider adding ((Asterisk security through geographic IP address restriction)) | | * See [http://www.opensolutions.ie/blog/2010/09/sip-brute-force-attacks/] for a quick howto on using Fail2ban with Ubuntu/Debian as well as some discussion on SIP brute force attacks. | | -* An alternative to fail2ban which is more simple (but of course less configurable) [http://www.dumaisnet.ca/index.php?article=35794ced17be93fdb1a28f73f754512c] | | +* An alternative to fail2ban which is more simple (but of course less configurable). __New version__ using Perl Net::Pcap. Unlike fail2ban, this tool does not peek into asterisk logs. [http://www.dumaisnet.ca/index.php?article=35794ced17be93fdb1a28f73f754512c] | | * Alternate using __Perl__ and __iptables__: [http://www.teamforrest.com/blog/171/asterisk-no-matching-peer-found-block/|Team Forrest - Automatically Block Failed SIP Peer Registrations] | | * You can also use the free [http://www.network-systems-solutions.net/voipblocklist.php|VoIP Block List] by itself or combined with fail2ban to protect your server. This is a list of hostile IP addresses you should consider proactively blocking - the IPs are gathered from various honey-pots and from other VoIP users who report hacking attempts on their systems to the list. |
|
|
| User | Comment | Time | Version |
|---|
| dumais | | 2015-03-30 10:55 | 90 |
| dumais | | 2015-03-30 10:51 | 89 |