[Spce-user] SPCE Security alert
Daniel Grotti
dgrotti at sipwise.com
Wed Apr 30 07:36:29 EDT 2014
Hi,
I would not suggest GEOIP module cause it's still quite unstable on
Kamailio.
You can find a lot of documentation how to install and configure
fail2ban with kamailio.
Regarding how to merge it into NGCP, I suggest you to check the LB log
in case of banned IPs. You should see a log line like
"IP banned" or "temporarely banned".
Daniel
On 04/30/2014 01:26 PM, Norbert Piper wrote:
> USE GEOIP ban instead of fail2ban
>
>
>
> J
>
>
>
> *Von:*spce-user-bounces at lists.sipwise.com
> [mailto:spce-user-bounces at lists.sipwise.com] *Im Auftrag von *Tabi Tabe Tabi
> *Gesendet:* Mittwoch, 30. April 2014 13:18
> *An:* spce-user at lists.sipwise.com
> *Betreff:* [Spce-user] SPCE Security alert
>
>
>
> Hi,
>
>
>
> I just realized one of my test SPCE servers is under heavy friendly
> scanner and SIPViscious attack. This happened 30 minutes after I exposed
> the server to the Internet. I found the following IP addresses in Banned IP:
>
>
>
> 1. 199.231.48.5
>
> 2. 188.138.4.216
>
> 3. 109.230.245.113
>
> 4. 31.3.240.251
>
> 5. 41.221.11.46
>
> 6. 46.165.220.215
>
> 7. 70.34..120.248
>
> 8. 79.143.83.4
>
> I am using iptables to drop the packets and have seen drop in
> resource utilization on the server.
>
> Does any one have recommendation for implementation of fail2ban on SIPWise?
>
>
>
> Thanks.
>
>
>
> --
> ...Tabi
>
>
>
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> http://lists.sipwise.com/listinfo/spce-user
>
More information about the Spce-user
mailing list