[VoiceOps] VoIP Abuse Project
carlos at televolve.com
Mon Sep 20 14:41:52 EDT 2010
Leandro Dardini wrote:
> I am sorry, but I really don't understand how fail2ban can be used
> against me.
It's a simple/easy DOS attack. If someone can send packets with a
spoofed source address, they can cause you to filter your upstream or
your client. For the upstream providers with static IPs, that should be
easy to fix with a whitelist. I don't believe that knowing your
customers' dynamic IPs is a realistic attack.
My experience with repeated attempts to crack SIP is that it only
happens to us if we have simple registration names (IE, registration
name is the extension number). We've gone away from that completely and
I can't recall the last time we saw someone try to brute force one of
our accounts. I see registration attempts against sequential numbers
(301, 302, 303.....) but since the accounts simply don't exist, there's
really little harm.
More information about the VoiceOps