On 04/04/2013 10:47 AM, Per Jessen wrote:
> Our asterisk server is seeing numerous brute force attempts to get access to a SIP account. I've tried setting up a 'prevent flood' config with iptables, but without much success. fail2ban et al does not work, so I was hoping someone might have a hint wrt an iptables setup to stop such brute force attacks?

Well, not the answer you are looking for, but you are not alone in this game, as my server is also under brute force attack, and no, until now I have not been able to find any solution either. I have tried all the approaches you have tried, but with no success. I can't find a way to block them, as most of these attacks are logged as below, where XXX is my server's own address; hence fail2ban unfortunately fails, or I can't find a better way to get the attackers' IP address.

    100000<sip:100000@XXX.XXX.XXX.XX>;tag=eb6db4c6

So if you find a solution please share, as this issue has been nerving me for a long time now.

Togan