[VoiceOps] DID's + Asterisk Security
Peter Beckman
beckman at angryox.com
Tue Aug 4 15:57:15 EDT 2009
On Tue, 4 Aug 2009, Hiers, David wrote:
> I've always been a bit slow on the draw with the whole "reflexively block
> an address" thing.
>
> It'd be just my luck to reflexively block one of my provider's
> addresses...
SSHguard uses a whitelist to prevent this. Additionally, you can specify
how many failed transactions occur in a period of time before you block,
and how long it is blocked before it is unblocked (automagically). A
legit but badly configured customer can DOS an Asterisk instance with AUTH
or register requests, and in this case, blocking them to allow legit
customers to connect actually does something good.
You can block after 100+ attempts in 1 minute for example, or 100 over an
hour. Your choice.
The fact that sshguard can be used for multiple services is where I
believe its power lies. If I can get socat working, sshguard can
dynamically block HTTP server scans (more than 100 404's in 1 minute for
example), block SIP AUTH scans, etc.
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman at angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
More information about the VoiceOps
mailing list