This is turning into a political issue such as the one in Washington and the impending default on US debt. The point is that a minor change in the code would have a dramatic effect on security, and carry a lower impact on CPU than using iptables. The simplicity of the change cannot be understated. The hackers do not continue sending packets with new REGISTER attempts unless they see a response. They would move on.

Digium is being monarchical about this. It looks like a loss of contact with reality. The vast ecosystem of Digium is made of hundreds of people like me. I am being forced now to place OpenSIPS in front of Asterisk, on port 5060, set Asterisk to listen on port 5061, and block access to 5061 from outside. Instead of a minor change, I have to bring a second application into the picture.

The reason why I find it useless to use iptables and a rule that bans an IP address if it communicates more than a threshold number of times is simple. I have customers that hit me 10+ times per second from the same IP. It would look like a hacker, and it is not. I use a cluster of Asterisk in the same box, a big server, and each Asterisk listens on its own network interface, and responds from it. It does work. But iptables or fail2ban would not work in a wholesale scenario.

Anyway, thanks for your attention.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
