[iptables] How to block brute force attacks?

littlebigman · 04-05-2011, 03:44 AM

Hello

I need to connect an Asterisk server to the Net so that 1) remote users can register and 2) Internet users can ring any extension on the server.

I need a way to prevent hackers from trying to register, so the server will also have iptables installed.

But I was wondering what solution to use to block brute force attempts:

just rely on iptables since it offers a way, eg. "iptables -I INPUT -p udp --dport 5060 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP"
add Brute Force Detection (BFD), which is a shell script that is called by CRON (ie. every minute at most)
add SSHGuard, which is apparently a stand-alone binary program that doesn't rely on CRON

If you have installed Asterisk and iptables, which solution did you end up using?

Thank you.

bathory · 04-05-2011, 04:05 AM

Hi,

I don't use Asterisk, but I would use fail2ban. An in fact there is a regex for Asterisk in fail2ban site.

Regards

littlebigman · 04-05-2011, 04:48 AM

Sorry, forgot to say it's an embedded Linux, so fail2ban won't do because it requires Python and there isn't enough RAM for this.