[ale] any suggestions on an automated method for blocking repeated failed ssh login attempts?

Chris Fowler cfowler at outpostsentinel.com
Thu Dec 23 10:30:06 EST 2010


On Thu, 2010-12-23 at 10:20 -0500, Matty wrote:
> fail2ban works pretty well:
> 
> http://www.fail2ban.org/wiki/index.php/Main_Page
> 
> 

ditto

I use fail2ban with Asterisk to block brute force sip registration
attempts.  Earlier this year we had a successful attack that cost up $70
in SIP fees!!  I then install fail2ban and then used randomly generated
long passwords on the phones.  Problem solved.

The password change and cleanup of the sip.conf file really helped but
it is nice to know that if someone tries too hard they will be blocked.
While I was configuring the phones with the new passwords some of our
phones were blocked by fail2ban.  It works.







More information about the Ale mailing list