Hello
I need to connect an Asterisk server to the Net so that 1) remote users can register and 2) Internet users can ring any extension on the server.
I need a way to prevent hackers from trying to register, so the server will also have iptables installed.
But I was wondering what solution to use to block brute force attempts:
- just rely on iptables since it offers a way, eg. "iptables -I INPUT -p udp --dport 5060 -m state --state NEW -m recent --update --seconds 600 --hitcount 2 -j DROP"
- add Brute Force Detection (BFD), which is a shell script that is called by CRON (ie. every minute at most)
- add SSHGuard, which is apparently a stand-alone binary program that doesn't rely on CRON
If you have installed Asterisk and iptables, which solution did you end up using?
Thank you.