Bill Michaelson
2011-Apr-05 19:45 UTC
[asterisk-users] asterisk-users Digest, Vol 81, Issue 12
On 04/05/2011 03:06 PM, asterisk-users-request at lists.digium.com wrote:> Message: 12 > Date: Tue, 5 Apr 2011 13:36:21 -0500 > From: Sherwood McGowan<sherwood.mcgowan at gmail.com> > Subject: Re: [asterisk-users] Iptables configuration to handle brute, > force registrations? > To: Asterisk Users Mailing List - Non-Commercial Discussion > <asterisk-users at lists.digium.com> > Cc: Bill Michaelson<bill at cosi.com> > Message-ID:<BANLkTimQrbfMQpOiNRPHr_RjekOLbWPYGg at mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > On Tue, Apr 5, 2011 at 1:31 PM, Bill Michaelson<bill at cosi.com> wrote: > >> > fail2ban might be good for this. >> > >> > > I think you missed the point, which is reducing the need for an external > application that searches logs in order to determine whether or not to block > an IP. > > Why run fail2ban and add overhead when you can just do the same thing with > iptables itself?I apologize for jumping into the middle without reading the beginning of the discussion in which this central requirement to avoid an external application was stated, as I now infer from Mr. McGowan. Sorry for missing the point. I'll have to read up on fail2ban also. I thought it monitored the tails of logs. I did not know that it searched them. My intent was to suggest using an established tool that would consolidate the IP blocking and unblocking function for all ports into a single application without imposing additional maintenance overhead of new code for this purpose. Obviously, I'm not seeing the big picture. Sorry for my myopic comments and for cluttering the list. I won't make the mistake of offering worthless contributions in the future. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110405/0085bb33/attachment.htm> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5994 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110405/0085bb33/attachment.bin>
Sherwood McGowan
2011-Apr-06 06:45 UTC
[asterisk-users] asterisk-users Digest, Vol 81, Issue 12
On 4/5/2011 2:45 PM, Bill Michaelson wrote:> > > On 04/05/2011 03:06 PM, asterisk-users-request at lists.digium.com wrote: >> Message: 12 >> Date: Tue, 5 Apr 2011 13:36:21 -0500 >> From: Sherwood McGowan <sherwood.mcgowan at gmail.com> >> Subject: Re: [asterisk-users] Iptables configuration to handle brute, >> force registrations? >> To: Asterisk Users Mailing List - Non-Commercial Discussion >> <asterisk-users at lists.digium.com> >> Cc: Bill Michaelson <bill at cosi.com> >> Message-ID: <BANLkTimQrbfMQpOiNRPHr_RjekOLbWPYGg at mail.gmail.com> >> Content-Type: text/plain; charset="iso-8859-1" >> >> On Tue, Apr 5, 2011 at 1:31 PM, Bill Michaelson <bill at cosi.com> wrote: >> >>> > fail2ban might be good for this. >>> > >>> > >> I think you missed the point, which is reducing the need for an external >> application that searches logs in order to determine whether or not to block >> an IP. >> >> Why run fail2ban and add overhead when you can just do the same thing with >> iptables itself? > I apologize for jumping into the middle without reading the beginning > of the discussion in which this central requirement to avoid an > external application was stated, as I now infer from Mr. McGowan. > Sorry for missing the point. > > I'll have to read up on fail2ban also. I thought it monitored the > tails of logs. I did not know that it searched them. > > My intent was to suggest using an established tool that would > consolidate the IP blocking and unblocking function for all ports into > a single application without imposing additional maintenance overhead > of new code for this purpose. Obviously, I'm not seeing the big > picture. Sorry for my myopic comments and for cluttering the list. I > won't make the mistake of offering worthless contributions in the future. > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users*grabs a bucket of water*..... My my my, I think I need some hipwaders.....Was that a Caterpillar brand roadgrader you were using to spread that sarcasm on so thick? My reply to your statement about fail2ban was not intended to be rude/sarcastic/mean...After being a complete jackass on this list a few times in the last 6 months, I realized that I was, and I've kept my flamethrower in storage as of late... I wasn't trying to chastise you, or whatever you may have thought from my reply. My reply may have not necessarily been constructive either, but give a recovering threadflamer a little credit, there wasn't really even a spark in my email... Slainte all, I'm off to bed -- Sherwood McGowan <sherwood.mcgowan at gmail.com> Carrier, ITSP, Call Center, and PBX Solutions Consultant