[Spce-user] SPCE Security alert
Lorenzo Mangani
lorenzo.mangani at gmail.com
Wed Apr 30 07:39:01 EDT 2014
You could also consider actively crashing the offenders IP on log hits
alongside the banning (using either svcrash.py, Homer Kill-Vicious tool, or
sipgrep 2.0 -J or your own solution)
Best,
Lorenzo Mangani
HOMER DEV TEAM
QXIP - Capture Engineering
Desk: +1 (202) 470-5312
Mobile: +31 6 4603-2730
On Wed, Apr 30, 2014 at 1:26 PM, Norbert Piper
<norbert.piper at telenoise.de>wrote:
> USE GEOIP ban instead of fail2ban
>
>
>
> J
>
>
>
> *Von:* spce-user-bounces at lists.sipwise.com [mailto:
> spce-user-bounces at lists.sipwise.com] *Im Auftrag von *Tabi Tabe Tabi
> *Gesendet:* Mittwoch, 30. April 2014 13:18
> *An:* spce-user at lists.sipwise.com
> *Betreff:* [Spce-user] SPCE Security alert
>
>
>
> Hi,
>
>
>
> I just realized one of my test SPCE servers is under heavy friendly
> scanner and SIPViscious attack. This happened 30 minutes after I exposed
> the server to the Internet. I found the following IP addresses in Banned IP:
>
>
>
> 1. 199.231.48.5
>
> 2. 188.138.4.216
>
> 3. 109.230.245.113
>
> 4. 31.3.240.251
>
> 5. 41.221.11.46
>
> 6. 46.165.220.215
>
> 7. 70.34..120.248
>
> 8. 79.143.83.4
>
> I am using iptables to drop the packets and have seen drop in
> resource utilization on the server.
>
> Does any one have recommendation for implementation of fail2ban on SIPWise?
>
>
>
> Thanks.
>
>
>
> --
> ...Tabi
>
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> http://lists.sipwise.com/listinfo/spce-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20140430/bfd34d6b/attachment-0001.html>
More information about the Spce-user
mailing list