[VoiceOps] VoIP Abuse Project
Jay Hennigan
jay at west.net
Mon Sep 20 15:19:45 EDT 2010
On 9/20/10 9:38 AM, Leandro Dardini wrote:
> I am sorry, but I really don't understand how fail2ban can be used
> against me. The only drawback of fail2ban is when inside a large private
> organization using NAT and exiting on Internet with a single (or small
> pool of) IP, some evil colleagues can send a bunch of wrong REGISTER
> requests and trigger fail2ban to filter the IP preventing legitimate
> users from within the same organization to access your service. This can
> happen once, then the good sysadmin of the organization will snoop the
> traffic and catch the evil colleagues.
In most cases SIP transactions are UDP, hence trivially spoofed. An
attacker can generate failed registration/authentication attempts
spoofed from your customer or peer IPs. Fail2ban will then lock out
your legitimate traffic.
It can also cause issues where a single misconfigured phone or device
can cause an entire NAT site to be blocked. Fail2ban can be a useful
tool but should be used with caution in this application.
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
More information about the VoiceOps
mailing list