View Single Post
  #11  
Old 27th May 2010, 10:16
MET MET is offline
Junior Member
 
Join Date: May 2010
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

As mentioned above, there is only the filter [asterisk-iptables] enabled. Attacks on the asterisk occur very irregular. Daly checks in the corresponding log-files show that nothing happened since the last one. I changed now the parameters in jail.conf to

maxretry = 5
bantime = 259200

thus not specifying a findtime. I will see how fail2ban will be able to handle the next attack. I don't have much hope that it will improve. At least I would still be able to see whether fail2ban did put the IP into the host.deny-file or not. However, to my understanding, the log of the last attack actually indicates that the IP has first been placed in the host.deny-file. One finds there the three distinct actions "banned", "already banned" and "unban".
Reply With Quote
Sponsored Links