[CentOS] Hacking Issue

Tue Sep 27 12:11:17 UTC 2011
Micky L Martin <mickylmartin at gmail.com>

On Mon, Sep 26, 2011 at 10:10 AM, <m.roth at 5-cent.us> wrote:

> Theo Band wrote:
> > On 09/26/2011 01:02 PM, Jennifer Botten wrote:
> >>
> >> I am having an issue with someone accessing our server via a SIP/VOIP
> >> connection. I have changed my iptables rules to drop all UDP traffic
> >> from and to this IP address, but this traffic seems to still run
> >> through my server. These are the iptables rules that I currently have on
> >> the server.
> >>
> >> -A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP
> >>
> >> -A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP
> >>
> >>
> > If your SIP server needs to be accessed from any IP address, consider
> > using fail2ban. Easy to set up and it will block access to your SIP server
> > after so many false attempts.
> > I started using fail2ban to prevent the logs (Asterisk) from cluttering
> > failed logons.
>
> Let me chime in: *yes* to fail2ban. We use it here at work, and it works,
> and is very good. Not too hard to configure for basic usage, either, but
> very extensible.
>
>         mark
>
>

I use CSF and LFD. Like every other firewall, the backend is always iptables,
but CSF is so powerful and has a lot of irreplaceable power and
functionality.
It can be a bit difficult to configure it for the first time but when you
do, you will never look back ;)

-Micky.
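
The "block after so many false attempts" behaviour recommended in this thread, sketched as an added example that is not part of the original messages and is not fail2ban's own code. The log lines are constructed in the style of Asterisk chan_sip notices (the exact format is an assumption), the parameter names `maxretry` and `findtime` are borrowed from fail2ban's options, and the emitted rule copies the form of the rules quoted above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the thread); IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
[2011-09-26 10:00:01] NOTICE[2201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2011-09-26 10:00:03] NOTICE[2201] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.4' - No matching peer found
[2011-09-26 10:00:05] NOTICE[2201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2011-09-26 10:00:09] NOTICE[2201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2011-09-26 10:06:00] NOTICE[2201] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.4' - No matching peer found
[2011-09-26 10:15:00] NOTICE[2201] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.4' - No matching peer found
[2011-09-26 10:15:02] NOTICE[2201] chan_sip.c: Peer '100' is now Reachable. (12ms / 2000ms)
"""

# Matches only failed-registration notices and captures timestamp and source IP.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
)


def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time of ban} for hosts with maxretry failures inside findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m["ip"] in bans:
            continue              # not a failure, or host already banned
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry:
            bans[m["ip"]] = ts
    return bans


def drop_rules(bans):
    """Render one rule per banned host, in the form of the rules quoted in the thread."""
    return [f"-A INPUT -i eth0 -s {ip} -p udp -j DROP" for ip in sorted(bans)]


if __name__ == "__main__":
    for rule in drop_rules(find_bans(SAMPLE_LOG)):
        print(rule)
```

The second host fails three times as well, but its failures are spread over more than ten minutes, so the sliding window never holds three at once and it is not banned.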