Re: Help tweaking asterisk rules

On 21/01/2011 02:05, Max DiOrio wrote:
> I was also hoping someone can provide some guidance on leaving the RTP
> ports UDP 10000:20000 open to all IPs on the WAN.  What type of
> security issue will this raise?  Should I install Fail2Ban in this
> setup?  The only issue I have with Fail2Ban was that it blocked my
> access from the LAN within 15 seconds of it coming online.

They needn't be open at all. Instead, load the ip_conntrack_sip module and ensure that your iptables policy is stateful.

http://www.iptel.org/sipalg/

Using fail2ban carelessly might pave the way for remotely exploitable DoS attacks. Though it has its uses, I wouldn't generally recommend it.

http://www.ossec.net/main/attacking-log-analysis-tools

Cheers,

--Kerin
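
The contrast drawn in the reply above, as an added example that is not part of the original thread: a small audit function that reads an iptables-save style dump and flags a wide-open UDP port range and a missing RELATED,ESTABLISHED rule. Both sample rulesets, the SIP port 5060 rule and the function name `audit_rtp_policy` are constructed for illustration.

```shell
#!/bin/sh
# Added example. It only inspects rule text; the SIP conntrack helper module
# named in the reply still has to be loaded for RTP to be tracked as RELATED.

# Constructed sample: RTP range accepted from anywhere, no state tracking.
WEAK_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
COMMIT'

# Constructed sample: only SIP signalling is opened; media is admitted as
# RELATED traffic once the helper has seen the call setup.
STATEFUL_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
COMMIT'

# audit_rtp_policy RULES: prints findings, returns 0 if clean, 1 otherwise.
audit_rtp_policy() {
    rules=$1
    rc=0
    # An ACCEPT for a UDP destination port range with no source (-s) restriction.
    if printf '%s\n' "$rules" \
        | grep -E -- '-p udp .*--dport [0-9]+:[0-9]+ .*-j ACCEPT' \
        | grep -vq -- ' -s '; then
        echo "FINDING: UDP port range accepted from any source"
        rc=1
    fi
    # A stateful policy needs an ACCEPT for RELATED (and ESTABLISHED) packets.
    if ! printf '%s\n' "$rules" \
        | grep -Eq -- '(--state|--ctstate) [A-Z,]*RELATED[A-Z,]* .*-j ACCEPT'; then
        echo "FINDING: no RELATED,ESTABLISHED accept rule (policy is not stateful)"
        rc=1
    fi
    return $rc
}

echo "weak ruleset:";     audit_rtp_policy "$WEAK_RULES" || true
echo "stateful ruleset:"; audit_rtp_policy "$STATEFUL_RULES" && echo "clean"
```

On a live host the same function can be fed the output of `iptables-save` in place of the sample strings.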
