If you want to share any of the ip’s that you have blocked I will gladly look into it.
APIBAN runs honeypots around the world. There’s generally an active list of 1,000 SIP and 2500 HTTP addresses at any time (IPs are active for 7 days and then can be “re-activated” when more traffic is seen).
I’d gladly help to see if you’ve implemented APIBAN in a solid way and/or if you have IPs we’re not seeing, looking at deploying a honeypot in that area.
Regards,
Fred Posner
On Nov 4, 2024, at 7:20 AM, Juha Heinanen via sr-users sr-users@lists.kamailio.org wrote:
Fred Posner writes:
On a targeted attack, APIBAN won’t help. You will see some benefits from iptables-api which will block your discovered traffic in iptables and helping reduce kamailio cpu.
I'm blocking attacks by fail2ban. My APIBAN test would generate syslog message for fail2ban, but none has been generated. It means that among the numerous attacks that my SIP proxy blocked by fail2ban, not a single one was detected by APIBAN. It means that APIBAN was not aware of the IP addresses of the attackers.
-- Juha __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: