Leandro Dardini wrote:
I am sorry, but I really don't understand how fail2ban can be used against me.
It's a simple/easy DOS attack. If someone can send packets with a spoofed source address, they can cause you to filter your upstream or your client. For the upstream providers with static IPs, that should be easy to fix with a whitelist. I don't believe that knowing your customers' dynamic IPs is a realistic attack. My experience with repeated attempts to crack SIP is that it only happens to us if we have simple registration names (IE, registration name is the extension number). We've gone away from that completely and I can't recall the last time we saw someone try to brute force one of our accounts. I see registration attempts against sequential numbers (301, 302, 303.....) but since the accounts simply don't exist, there's really little harm. -- Carlos Alvarez TelEvolve 602-889-3003