Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba
-A INPUT -p udp --dport 5060 -m recent --set --name ASTERISK
-A INPUT -p udp --dport 5060 -m recent --update --seconds 15 --hitcount 10 --name ASTERISK -j DROP
Fail2ban can whitelist IPs or ranges of IPs, so no worries at this part for us, in our scenario. Plus this way we also monitor apache and several other logs.williamconley wrote:we have had a few clients who had been set up on that. false positive from a bad soft phone password entry ... and an entire room suddenly loses access to the system.
also, after the "bots" realize they CAN try, they'll hammer away even after fail2ban locks them out (and the result is a Denial of Service).
so we like the whitelist system. pure stealth.
so far, we've never had a single problem with a site that launched with the whitelist in place already. and for those added later, within a week all the problems have gone away. (usually within a day, and often immediately)
so far.
Return to ViciBox Server Install and Demo
Users browsing this forum: No registered users and 96 guests