Just wondering if anyone can tell me how I can reduce the time fail2ban takes to block a SIP attack please.
I’ve had a run of these recently from different IP addresses and I can see that it takes 2 mins almost exactly to ban an IP address, which in most cases is just over 800 attempts.
I have the following settings in Intrusion Detection:
Ban Time: -1 (Got this from a forum that said -1 = for ever)
Max Retry: 5
Find Time: 600
Fail2ban does catch the attack, but as I said, it takes 2 mins to do so. Any ideas why or how to make this actually 5 attempts would be appreciated.
Fail2ban is scanning logs, so it’s going to take a fair amount of time no matter what we do. It seems to me there’s a “this many times in this many minutes” component as well, so the tuning of the thing might make a difference.
There are a few “backends” used to scan the log files, the backend chosen can be auto
backend = auto
or explicit, polling is the slowest, gamin is usually the default, installing pyinotify and you will likely get the most responsive results.
My iPBX went through it’s set repo’s but couldn’t find that package in any it uses, can you point me to one that has it? This is for pyinotify…
On my Freepbx running on Raspberry PI, I have
bantime = 86400
findtime = 86400
maxretry = 3
And it do the job… It take less than 2 mins to ban an IP.
I also have a static IP list of banned IP that I load each time I do a fail2ban restart so Fail2ban only gets the new IP intrusions.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.