[VoiceOps] DID's + Asterisk Security

Peter Beckman beckman at angryox.com
Tue Aug 4 15:57:15 EDT 2009

On Tue, 4 Aug 2009, Hiers, David wrote:

> I've always been a bit slow on the draw with the whole "reflexively block
> an address" thing.
> It'd be just my luck to reflexively block one of my provider's
> addresses...

  SSHguard uses a whitelist to prevent this.  Additionally, you can specify
  how many failed transactions occur in a period of time before you block,
  and how long it is blocked before it is unblocked (automagically).  A
  legit but badly configured customer can DOS an Asterisk instance with AUTH
  or register requests, and in this case, blocking them to allow legit
  customers to connect actually does something good.

  You can block after 100+ attempts in 1 minute for example, or 100 over an
  hour.  Your choice.

  The fact that sshguard can be used for multiple services is where I
  believe its power lies.  If I can get socat working, sshguard can
  dynamically block HTTP server scans (more than 100 404's in 1 minute for
  example), block SIP AUTH scans, etc.

Peter Beckman                                                  Internet Guy
beckman at angryox.com                                 http://www.angryox.com/

More information about the VoiceOps mailing list