
On 9/20/10 9:38 AM, Leandro Dardini wrote:
I am sorry, but I really don't understand how fail2ban can be used against me. The only drawback of fail2ban is when, inside a large private organization using NAT and exiting to the Internet with a single (or small pool of) IP, some evil colleagues can send a bunch of wrong REGISTER requests and trigger fail2ban to filter the IP, preventing legitimate users from within the same organization from accessing your service. This can happen once; then the good sysadmin of the organization will snoop the traffic and catch the evil colleagues.
In most cases SIP transactions are UDP, hence trivially spoofed. An attacker can generate failed registration/authentication attempts spoofed from your customer or peer IPs. Fail2ban will then lock out your legitimate traffic. A single misconfigured phone or device can likewise cause an entire NAT site to be blocked. Fail2ban can be a useful tool but should be used with caution in this application.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
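The lock-out Jay describes, and the usual mitigation of whitelisting known peers, modelled as an added example that is not part of this thread and not fail2ban's own code. The log lines are constructed in the style of Asterisk chan_sip "Registration from ... failed for" NOTICE messages, the regex is a simplified stand-in for a fail2ban asterisk filter, and the addresses (203.0.113.10 as a trusted trunk peer whose address is spoofed, 198.51.100.77 as a real scanner, 192.0.2.5 as a slow failer) are assumptions. The point it shows: with plain maxretry/findtime counting, four spoofed failures are enough to ban the trunk, and only an ignoreip-style whitelist keeps that peer reachable.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not a real capture) in the style of Asterisk chan_sip NOTICE lines.
# 203.0.113.10 plays a trusted SIP trunk peer whose address an attacker has spoofed on four
# bad REGISTERs; 198.51.100.77 is a genuine scanner; 192.0.2.5 fails too slowly to matter.
SAMPLE_LOG = """\
[2010-09-20 10:00:01] NOTICE[2931] chan_sip.c: Registration from '"201" <sip:201@192.0.2.1>' failed for '203.0.113.10:5060' - Wrong password
[2010-09-20 10:00:02] NOTICE[2931] chan_sip.c: Registration from '"202" <sip:202@192.0.2.1>' failed for '203.0.113.10:5060' - Wrong password
[2010-09-20 10:00:03] NOTICE[2931] chan_sip.c: Registration from '"203" <sip:203@192.0.2.1>' failed for '203.0.113.10:5060' - No matching peer found
[2010-09-20 10:00:04] NOTICE[2931] chan_sip.c: Registration from '"100" <sip:100@192.0.2.1>' failed for '203.0.113.10:5060' - Wrong password
[2010-09-20 10:00:05] VERBOSE[2931] chan_sip.c:     -- Registered SIP '204' at 203.0.113.10:5060
[2010-09-20 10:00:30] NOTICE[2931] chan_sip.c: Registration from '"300" <sip:300@192.0.2.1>' failed for '192.0.2.5:5060' - Wrong password
[2010-09-20 10:02:10] NOTICE[2931] chan_sip.c: Registration from '"admin" <sip:admin@192.0.2.1>' failed for '198.51.100.77:53041' - No matching peer found
[2010-09-20 10:02:11] NOTICE[2931] chan_sip.c: Registration from '"1000" <sip:1000@192.0.2.1>' failed for '198.51.100.77:53041' - No matching peer found
[2010-09-20 10:02:12] NOTICE[2931] chan_sip.c: Registration from '"1001" <sip:1001@192.0.2.1>' failed for '198.51.100.77:53041' - No matching peer found
[2010-09-20 10:15:30] NOTICE[2931] chan_sip.c: Registration from '"300" <sip:300@192.0.2.1>' failed for '192.0.2.5:5060' - Wrong password
[2010-09-20 10:30:30] NOTICE[2931] chan_sip.c: Registration from '"300" <sip:300@192.0.2.1>' failed for '192.0.2.5:5060' - Wrong password
"""

# Simplified stand-in for the regex a fail2ban asterisk filter would use. The ':port'
# suffix is optional because older chan_sip builds logged the address without it.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from '.*' "
    r"failed for '(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)


def parse_failures(log_text):
    """Yield (timestamp, source_ip) for every failed-registration line; other lines are skipped."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            yield datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), m.group("host")


def simulate_jail(log_text, maxretry=3, findtime=600, ignoreip=()):
    """Model fail2ban's counting: a host is banned once it accumulates `maxretry`
    failures within `findtime` seconds, unless it falls inside one of the `ignoreip`
    networks (the jail.local option of the same name). Returns {banned_ip: ban_time}."""
    trusted = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)   # host -> timestamps of failures still inside findtime
    banned = {}
    for ts, host in parse_failures(log_text):
        if host in banned:
            continue
        ip = ipaddress.ip_address(host)
        if any(ip in net for net in trusted):
            continue             # whitelisted peer: spoofed failures from it never count
        recent[host] = [t for t in recent[host] if ts - t <= window] + [ts]
        if len(recent[host]) >= maxretry:
            banned[host] = ts
    return banned


if __name__ == "__main__":
    print("no whitelist  :", sorted(simulate_jail(SAMPLE_LOG)))
    print("with ignoreip :", sorted(simulate_jail(SAMPLE_LOG, ignoreip=["203.0.113.0/24"])))
```

Run without a whitelist, the trunk peer is banned on its third spoofed failure, two seconds into the sample; with the peer's network in ignoreip only the scanner is banned. The whitelist is a partial fix: it protects known peers and trunks, not the customer or NAT-site addresses Jay mentions, and the slow failer shows why findtime must be short enough that a single flaky phone behind a shared NAT does not accumulate a ban over the day.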