LINUX-L Archives

LINUX-L@LISTS.UFL.EDU


Subject: Re: SIP Flood attacks from EC2 cloud
From: Jon Lewis <[log in to unmask]>
Reply-To: Platform Independent Linux List! <[log in to unmask]>
Date: Tue, 13 Apr 2010 14:25:37 -0400
Content-Type: TEXT/PLAIN

On Tue, 13 Apr 2010, Fred Posner wrote:

> I didn't want fail2ban as I'm already using blockhosts, which I just 
> love. Since it's a UDP connection without the ability to spawn, I 
> figured if I had to cron something I'd just do it myself. The reason I 
> didn't do the tail was just out of a quickness in writing the script. My 
> log rotate is weekly... so the tail method I didn't think would handle a 
> single probe daily... whereas the quick log read would, taking less than 
> a second on large logs. So it was a "pure laziness" approach of not 
> having to write a counting log or similar.

I'm not sure there's any reason you couldn't use both blockhosts and 
fail2ban and just use each for different things.  File::Tail is just a bit 
of code for perl to keep a [log] file open for reading.  It handles 
reopening the file for you if the file is rotated.  What your program does 
with the data gotten via File::Tail is up to it.  Are you really 
worried about someone trying one auth per day though?  OTOH, can there 
really be any legitimate SIP access from Amazon EC2?  Why not just use a 
few iptables rules to block all of EC2's IP space?

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
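
The rotation handling described in the message above, as an added example that is not part of the original post: a Python sketch (not Perl's File::Tail itself) of a follower that keeps the log open, reopens it after rotation, and counts failed SIP registrations per source IP. The Asterisk-style log format, the names `RotatingTail`, `failures_by_ip` and `demo`, and the sample lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: Asterisk-style failure lines; adapt the pattern to your SIP server's log.
FAILED = re.compile(r"Registration from .* failed for '(\d+\.\d+\.\d+\.\d+)")

class RotatingTail:
    """Keep a log open for reading; reopen it when it is rotated or truncated."""
    def __init__(self, path):
        self.path = path
        self.fh = open(path, "rb")

    def _drain(self):
        out = []
        while (line := self.fh.readline()).endswith(b"\n"):
            out.append(line.decode("utf-8", "replace").rstrip("\n"))
        self.fh.seek(-len(line), os.SEEK_CUR)   # un-read a half-written last line
        return out

    def poll(self):
        lines = self._drain()                   # finish the file we already hold
        try:
            st = os.stat(self.path)
        except FileNotFoundError:               # mid-rotation: new file not there yet
            return lines
        if st.st_ino != os.fstat(self.fh.fileno()).st_ino or st.st_size < self.fh.tell():
            self.fh.close()                     # renamed away or truncated: reopen
            self.fh = open(self.path, "rb")
            lines += self._drain()
        return lines

def failures_by_ip(lines):
    return Counter(m.group(1) for m in map(FAILED.search, lines) if m)

def demo():
    """Constructed sample: two failures, a rotation, then one more failure."""
    line = "NOTICE[1] chan_sip.c: Registration from 'x' failed for '%s' - Wrong password\n"
    with tempfile.TemporaryDirectory() as d:
        log = Path(d, "messages")
        log.write_text(2 * (line % "192.0.2.10"))
        tail = RotatingTail(log)
        seen = tail.poll()
        log.rename(log.with_name("messages.1"))  # what logrotate does
        log.write_text(line % "198.51.100.7")
        seen += tail.poll()                      # new file picked up without a restart
        tail.fh.close()
        return failures_by_ip(seen)
```

Because the follower holds the old file open until it has drained it, lines written just before the rotation are still counted, and the per-IP totals can carry across a weekly rotation.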
