Rodrigo Lang wrote:
> Hello list.
>
> I'm trying to find a way to block any ip that tries to login more than
> three times with the wrong password and try to log in three different
> extensions. For I have suffered some brute force attacks on my asterisk
> in the morning period.
>
> The idea would be: Any ip with three attempts without success to log
> into an extension is blocked.
>
> Is there any way to accomplish this directly by the asterisk? Or is
> there some kind of asterisk spit this information via the AMI?
>
> I was wondering to make a Java program to listen to the AMI and create a
> rule in iptables for ip in specific.
>
> Does anyone have any suggestions?
>
>
> Thanks,
> Rodrigo Lang.
>

Does asterisk log the failed attempts to a file? If so then you could use sshblack to monitor the file for incorrect logins. It will add firewall rules to a custom iptables chain based on various criteria. You can then point incoming SIP connections through this chain so offenders will be firewalled for a specific amount of time.

http://www.pettingers.org/code/sshblack.html
--
asterisk-users mailing list
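The log-watching approach suggested in the reply, sketched as an added example (not part of the original thread and not sshblack's code): it counts failed SIP registrations per source IP and emits an iptables rule for each IP that reaches three failures. The log line format (modeled on chan_sip NOTICE messages), the chain name `SIPBLOCK`, and the sample lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed log format, modeled on chan_sip NOTICE lines; adjust for your version.
FAILED = re.compile(
    r"Registration from '(?P<frm>[^']*)' failed for '(?P<ip>[0-9.]+)(?::\d+)?'"
)
EXTEN = re.compile(r"sip:([^@>;]+)@")
THRESHOLD = 3        # failed attempts before an IP is blocked (from the question)
CHAIN = "SIPBLOCK"   # hypothetical name for the custom iptables chain


def failures_by_ip(lines):
    """Map source IP -> extensions it failed to register as (any failure reason)."""
    seen = defaultdict(list)
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # never hand unvalidated log text to a firewall command
        ext = EXTEN.search(m.group("frm"))
        seen[ip].append(ext.group(1) if ext else "?")
    return dict(seen)


def block_rules(lines, threshold=THRESHOLD):
    """Return one iptables argument list per IP at or over the threshold."""
    return [
        ["iptables", "-A", CHAIN, "-s", ip, "-j", "DROP"]
        for ip, exts in sorted(failures_by_ip(lines).items())
        if len(exts) >= threshold
    ]


# Constructed sample lines; addresses are from documentation ranges.
LINE_FMT = ("[Jun  1 03:12:41] NOTICE[2034] chan_sip.c: Registration from "
            "'\"{e}\" <sip:{e}@192.0.2.10>' failed for '{ip}' - {why}")
SAMPLE_LOG = [
    LINE_FMT.format(e="100", ip="203.0.113.5", why="Wrong password"),
    LINE_FMT.format(e="101", ip="203.0.113.5", why="Wrong password"),
    LINE_FMT.format(e="102", ip="203.0.113.5:5060", why="No matching peer found"),
    LINE_FMT.format(e="200", ip="198.51.100.7", why="Wrong password"),
    "[Jun  1 03:12:44] NOTICE[2034] chan_sip.c: Peer '200' is now Reachable",
]

if __name__ == "__main__":
    for rule in block_rules(SAMPLE_LOG):
        print(" ".join(rule))
```

The rules are returned as argument lists so they can be passed to `subprocess.run` without a shell; expiring blocks after a set time, as the reply describes, is left out.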
