
Rhett Bassett wrote:
What's not to like?
The fact that if you used fail2ban, I can insert whatever network I like via packetcrafting and give you headaches for days. Imagine that for a moment - blocking I don't know say... 0.0.0.0 or better yet, if someone has an axe to grind with you and is capable (not difficult) of tracking down your address ranges. They could do some really cruddy stuff like have your own servers/netblocks block themselves out, have your servers block out your default route and the list goes on and on.

This was a huge issue a few years ago when I wrote my own customized ssh brute force blocker...

"How to check and make sure no one can inject garbage in the mix, e.g., in ssh"

    awk 'NF<=10&&($6=="nvalid"||$7=="user")&&$9=="from"{print $10}' /var/log/secure|sort

If you wanted to parse out valid networks before they're blocked then what?

    awk 'NF<=10&&($6=="nvalid"||$7=="user")&&$9=="from"{print $10}' /var/log/secure|\
    sort|grep -v "192.168.x.x\|172.16.x.x\|10.x.x.x"

Multiply that by all of your netblocks, clients' static netblocks, etc. It would be a horrible thing to maintain. I discussed this (injection) at length with Tavis Ormandy at Gentoo some years back who whipped me into shape over this same thing (injection) in which I actually understood what he was saying and what I overlooked. The same thing I overlooked (packetcrafting) is what fail2ban and others do.

But anyhow, getting *back* to Voice matters, fail2ban is not feasible in a managed environment at all. Think about the tinkerers. Those who fiddle with their Snoms, Polycoms, etc., those who travel and fire up softphones. They'd instantly get banned if they fat-fingered a password. Now you have a pretty ticked off, paying client, banned from using something they've paid for.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
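
The `grep -v` chain in the message above becomes hard to maintain as netblocks are added; the sketch below does the same filtering with a CIDR never-ban list and rejects anything that is not a parseable address. It is an added example, not code from the original post: the netblocks, the gateway address and the sample log lines are constructed placeholders, and the log format is assumed to be sshd's "Invalid user NAME from ADDR" line.

```python
import ipaddress
import re

# Assumed never-ban list (constructed for this example): special addresses
# plus placeholder ranges standing in for your own and your clients' netblocks.
NEVER_BAN = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",                                      # includes 0.0.0.0
    "127.0.0.0/8",                                    # loopback
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "198.51.100.0/24",                                # placeholder: your public netblock
    "203.0.113.1/32",                                 # placeholder: your default gateway
)]

# Anchored to the end of the line: the address is the token after the final
# "from" (optionally followed by "port N"), not a counted whitespace field.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?$")

def ban_candidate(line):
    """Return an address object that is safe to block, or None."""
    m = INVALID_USER.search(line.rstrip())
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None  # not an address at all: never reaches the firewall
    if any(addr.version == net.version and addr in net for net in NEVER_BAN):
        return None  # special, internal or own address: never block
    return addr

def candidates(lines):
    """Unique, sorted address strings that passed every check."""
    found = (ban_candidate(line) for line in lines)
    return sorted({str(a) for a in found if a is not None})

# Constructed sample lines (not real log data).
SAMPLE = """\
Jan 12 03:14:07 pbx sshd[2211]: Invalid user admin from 192.0.2.77
Jan 12 03:14:09 pbx sshd[2213]: Invalid user test from 0.0.0.0
Jan 12 03:14:11 pbx sshd[2215]: Invalid user oracle from 203.0.113.1
Jan 12 03:14:12 pbx sshd[2217]: Invalid user guest from 10.20.30.40
Jan 12 03:14:15 pbx sshd[2219]: Invalid user root from not-an-address
Jan 12 03:14:18 pbx sshd[2221]: Invalid user pi from 192.0.2.77 port 40022
""".splitlines()

if __name__ == "__main__":
    print(candidates(SAMPLE))
```

Only the one external address survives; the 0.0.0.0, gateway, internal and unparseable entries are dropped before any block rule would be written.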