One word: Rubbish

On Sat, Oct 30, 2010 at 9:33 PM, Joel Maslak <[email protected]> wrote:
> No. It seems that opening up some sort of automatic blocking could cause an
> attacker forging packets to block legitimate endpoints. It also seems like
> they won't get in with good passwords, so it isn't actually accomplishing
> something to worry about the script kiddies if you have good passwords. And
> this blocking won't actually stop someone with a zero day attack or who is
> sophisticated and can attack from many IP addresses - these are the real
> threats for people with good passwords.
>
> The CPU usage is trivial to deny them. As is the bandwidth usage, if you are
> not sitting on a slowish broadband connection.
>
> Sure blocking doesn't hurt, but does the help it provides exceed the
> downsides (effort and risk of blocking legitimate users)? I suspect it
> doesn't...if you have strong passwords. If you have weak passwords, you
> should fix that.
>
> It also seems that the only way to make blocking effective is to block
> everything by default except known endpoints. Blocking the door knockers
> doesn't protect against a bad guy finding (not through brute force) valid
> credentials.
>
> For me, monitoring outbound call volume makes a lot more sense. I would love
> to see an easy to use, out of the box method to alert me if more than "x"
> number of erlangs* are exceeded within a five minute, sixty minute, and one
> day time period. For me, I would want alerting on more than 10 erlangs over
> five minutes, 8 over an hour, and 2 over a day. Exceeding these would likely
> indicate fraud for my installation. Smaller sites would use smaller numbers,
> larger ones would use bigger ones.
>
> *erlang: one erlang represents full utilization of a single call path over
> the monitoring period. The monitoring period is usually one hour, but can be
> anything (5, 60, or 1440 minutes in this case).
>
> On Oct 30, 2010, at 6:53 PM, C F <[email protected]> wrote:
>
>> You kidding?
>>
>> On Sat, Oct 30, 2010 at 3:43 PM, Joel Maslak <[email protected]> wrote:
>>> Is there really any benefit to blocking these, if you use good passwords?
>>>
>>> On Sat, Oct 30, 2010 at 1:20 PM, Warren Selby <[email protected]> wrote:
>>>>
>>>> I'm experiencing this on one of my client's servers. The attack is
>>>> ongoing.
>>>>
>>>> Thanks,
>>>> --Warren Selby
>>>> On Oct 30, 2010, at 2:28 PM, Zeeshan Zakaria <[email protected]> wrote:
>>>>
>>>> My main asterisk server is under unusually heavy attack, and so far Fail2Ban
>>>> has blocked about 30 IPs, from various different countries. At this time it
>>>> is blocking about 1 IP address every few minutes.
>>>>
>>>> Just wondering if anybody else is also experiencing unusually increased
>>>> hack attempts today?
>>>>
>>>> Zeeshan A Zakaria
>>>>
>>>> --
>>>> www.ilovetovoip.com
>>>> www.pbxforall.com (beta)
>>>>
>>>> --
>>>> _____________________________________________________________________
>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>>> http://www.asterisk.org/hello
>>>>
>>>> asterisk-users mailing list
>>>> To UNSUBSCRIBE or update options visit:
>>>> http://lists.digium.com/mailman/listinfo/asterisk-users
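The outbound-volume alerting described in the quoted message (more than 10 erlangs over five minutes, 8 over an hour, 2 over a day), as an added example that is not part of the original thread. The call records are constructed sample data and the function names `erlangs` and `check` are hypothetical; real input would come from the PBX's call detail records plus any calls still in progress.

```python
from datetime import datetime, timedelta

# Limits quoted in the thread: (window in minutes, maximum erlangs).
THRESHOLDS = [(5, 10.0), (60, 8.0), (1440, 2.0)]

def erlangs(calls, now, window_minutes):
    """Call-seconds that fall inside the window, divided by the window length."""
    window_start = now - timedelta(minutes=window_minutes)
    busy = 0.0
    for start, duration_s in calls:
        # Clip each call to the window so long calls only count their overlap.
        end = min(start + timedelta(seconds=duration_s), now)
        overlap = (end - max(start, window_start)).total_seconds()
        busy += max(overlap, 0.0)
    return busy / (window_minutes * 60)

def check(calls, now, thresholds=THRESHOLDS):
    """Return (window_minutes, measured_erlangs, limit) for every exceeded limit."""
    alerts = []
    for minutes, limit in thresholds:
        load = erlangs(calls, now, minutes)
        if load > limit:
            alerts.append((minutes, round(load, 2), limit))
    return alerts

# Constructed sample data: (start time, billed seconds) per outbound call.
NOW = datetime(2010, 10, 30, 22, 0, 0)
NORMAL = [(NOW - timedelta(minutes=m), 600) for m in (50, 40, 30)]
# Burst: 30 simultaneous 4-minute calls just before NOW.
BURST = NORMAL + [(NOW - timedelta(minutes=4), 240)] * 30
# Slow drain: 3 call paths kept busy for 20 hours.
SLOW = [(NOW - timedelta(hours=20), 72000)] * 3

if __name__ == "__main__":
    for name, calls in (("burst", BURST), ("slow", SLOW)):
        for minutes, load, limit in check(calls, NOW):
            print(f"{name}: {load} erlangs over {minutes} min exceeds {limit}")
```

The two samples trip different windows: the burst exceeds only the five-minute limit, while the slow drain stays under the short-window limits and is caught only by the one-day limit.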
