That’s a pretty good reason not to use flow-route.:).
If you had a prepaid account I wonder how it left your account running to
accumulate that much more usage. That definitely wouldn’t build confidence for
me either.
Thanks for the V6 pointer of fail2ban. Honestly, I never see any
attempts on V6 anyway maybe, at least for now, that’s not a big issue since the
attacks are primarily on V4.> On May 13, 2017, at 3:29 AM, 'Janina Sajka' via MacVisionaries > <macvisionaries@googlegroups.com> wrote: > > Hi, Scott: > > Two items in this email ... > > 1.) fail2ban and IPv6 ... It appears they're working on on IPv6 > support: > > https://ctrl.blog/entry/fail2ban-ipv6 > > As of today, however, it's not yet there on Fedora supported > packages. > > 2.) Floroute is a good SIP provider, and definitely capable > of business class service. Regretably, my Floroute account was > hacked shortly after I established it, now almost a decade ago. > In the space of about 40 minutes someone ran up $14K of charges > on calls to Sierra Leone using my prepaid account which had a > balance of but $40 at the time. Since mine account was prepaid, > not postpaid service, I declined to pay. And, even if we cleared > this up, I have no confidence to return to using Floroute. > > Scott Granados writes: >> I smell a business opportunity. Some googling seems ti indicate the >> provider you listed and someone called flowroute. THere’s tons of >> documentation on the advantages of SIP over IPv6 and lots of people >> convincing you to do it, especially on the enterprise side but no providers >> offering the service.:) >> >> >> Interesting your comments on fail2ban. Incredible PBX comes with both V4 >> and V6 rules included and it looked to me like fail2ban could update either >> but your unix mojo is strong so I’ll differ to you on that subject. >> >>> On May 11, 2017, at 11:24 PM, 'Janina Sajka' via MacVisionaries >>> <macvisionaries@googlegroups.com> wrote: >>> >>> Scott: >>> >>> Just a quick point to your email ... >>> >>> I believe fail2ban only works with IPv4. >>> >>> >>> Personally, if I could disable listening for incoming SIP on Ipv4, I'd >>> do so in a heartbeat. But for reasons I don't understand, the world of >>> SIP to PSTN gateways is entirely IPv4. Therefore, I have no choice but >>> to listen for SIP on 4, since I do want to be able to call to, and >>> recieve calls from, the PSTN. >>> >>> >>> Caveat to the above ... There is one provider that supports SIP over 6, >>> namely: >>> >>> http://callwithus.com >>> >>> Friends who know their stuff have had good experience with them--clearly >>> on a personal level. However, they don't support LNP, which kills a move >>> to Call with Us for me as I don't want to reconfigure with all new phone >>> numbers. >>> >>> Every few months I cast about for a SIP gateway service supporting 6, >>> but I've been disappointed to date. >>> >>> Janina >>> >>> Scott Granados writes: >>>> Ok, few points here. >>>> >>>> First, as a network engineer, everyone I work with and know prefers V6 by >>>> a long shot. The finding of individual addresses is no harder on V6 than >>>> V4, you can display your Mac table the same way. The routers usually have >>>> separate V4 and V6 RIBS as well so your V4 doesn’t mix with your V6 and >>>> your MPLS VPN routes are yet again separate etc. You use the same BGP and >>>> filtering mechanisms as V4 so that translates pretty nicely. >>>> One thing you can do in the notation is all the 0 fields can be >>>> represented with 2 :: marks. Something like >>>> 2001:4860:4860:0000:0000:0000:0000:1001 can be expressed as >>>> 2001:4860:4860::1001. The zeros need to be in contiguous blocks however >>>> and you can only do the substitution once per address block. >>>> The auto configuration feature is nice also. You don’t necessarily >>>> need to run a DHCP server to have machines self address which is very nice. >>>> I’ve never had problems banning IP addresses in V6 form but I’ve used >>>> more advanced methods like RTBH using URPF loose mode and changing the >>>> next hop to null 0 by using BGP communities or with BGP flow spec where >>>> you craft a firewall filter based on the specific address and publish that >>>> to your edge routers as part of the BGP session. >>>> >>>> >>>> Fail2Ban is quite good. My understanding is though it works with IP >>>> tables so you’d use both. When fail2ban jails an IP it drops an entry in >>>> the specific section of the IP tables rules. >>>> >>>> Admittedly though, I am a network engineer first and a decent unix guy >>>> second but my strongest skills are around routing and switching so I could >>>> be a little off with the systems level stuff. >>>> >>>> >>>> >>>> >>>> >>>>> On May 11, 2017, at 2:12 PM, Daniel Chavez <topdog2...@gmail.com> wrote: >>>>> >>>>> Good day list, >>>>> Most System Admin's, myself included, prefer IPV4 because it's a lot of >>>>> what most provider's support, plus tracking down machine's that utilize >>>>> IPV4 tends to be less stress on us. >>>>> As far as IPV6 masks, they come in the form of >>>>> letter:number:lettter:number, so banning them can be quite difficult, if >>>>> not next to impossible, in certain situations. >>>>> I do both Network and server administration and have been doing so for at >>>>> least 10 to 15 year's, and I can say that by using either IPTables and/or >>>>> Fail2ban, they both have strength's and weaknesses, though if it were me, >>>>> I like fail2ban myself. As IPTables gets the job done, it's rarely >>>>> updated at least on CentOS, while Fail2ban happens to be updated quite a >>>>> bit more often. On cPanel server's, especially, Fail2ban ties into IP >>>>> tables while also providing it's own level of protection which I find to >>>>> be nice. >>>>> If I had a client server I, too, could pull a fail2ban config file, but I >>>>> don't have access right now to a server. >>>>> >>>>> -- >>>>> The following information is important for all members of the Mac >>>>> Visionaries list. >>>>> >>>>> If you have any questions or concerns about the running of this list, or >>>>> if you feel that a member's post is inappropriate, please contact the >>>>> owners or moderators directly rather than posting on the list itself. >>>>> >>>>> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark >>>>> at: macvisionaries+modera...@googlegroups.com and your owner is Cara >>>>> Quinn - you can reach Cara at caraqu...@caraquinn.com >>>>> >>>>> The archives for this list can be searched at: >>>>> http://www.mail-archive.com/macvisionaries@googlegroups.com/ >>>>> --- >>>>> You received this message because you are subscribed to the Google Groups >>>>> "MacVisionaries" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send an >>>>> email to macvisionaries+unsubscr...@googlegroups.com. >>>>> To post to this group, send email to macvisionaries@googlegroups.com. >>>>> Visit this group at https://groups.google.com/group/macvisionaries. >>>>> For more options, visit https://groups.google.com/d/optout. >>>> >>>> -- >>>> The following information is important for all members of the Mac >>>> Visionaries list. >>>> >>>> If you have any questions or concerns about the running of this list, or >>>> if you feel that a member's post is inappropriate, please contact the >>>> owners or moderators directly rather than posting on the list itself. >>>> >>>> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark >>>> at: macvisionaries+modera...@googlegroups.com and your owner is Cara >>>> Quinn - you can reach Cara at caraqu...@caraquinn.com >>>> >>>> The archives for this list can be searched at: >>>> http://www.mail-archive.com/macvisionaries@googlegroups.com/ >>>> --- >>>> You received this message because you are subscribed to the Google Groups >>>> "MacVisionaries" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to macvisionaries+unsubscr...@googlegroups.com. >>>> To post to this group, send email to macvisionaries@googlegroups.com. >>>> Visit this group at https://groups.google.com/group/macvisionaries. >>>> For more options, visit https://groups.google.com/d/optout. >>> >>> >>> >>> -- >>> >>> Janina Sajka, Phone: +1.443.300.2200 >>> sip:jan...@asterisk.rednote.net >>> Email: jan...@rednote.net >>> >>> Linux Foundation Fellow >>> Executive Chair, Accessibility Workgroup: http://a11y.org >>> >>> The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI) >>> Chair, Accessible Platform Architectures http://www.w3.org/wai/apa >>> >>> -- >>> The following information is important for all members of the Mac >>> Visionaries list. >>> >>> If you have any questions or concerns about the running of this list, or if >>> you feel that a member's post is inappropriate, please contact the owners >>> or moderators directly rather than posting on the list itself. >>> >>> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: >>> macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - >>> you can reach Cara at caraqu...@caraquinn.com >>> >>> The archives for this list can be searched at: >>> http://www.mail-archive.com/macvisionaries@googlegroups.com/ >>> --- >>> You received this message because you are subscribed to the Google Groups >>> "MacVisionaries" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to macvisionaries+unsubscr...@googlegroups.com. >>> To post to this group, send email to macvisionaries@googlegroups.com. >>> Visit this group at https://groups.google.com/group/macvisionaries. >>> For more options, visit https://groups.google.com/d/optout. >> >> -- >> The following information is important for all members of the Mac >> Visionaries list. >> >> If you have any questions or concerns about the running of this list, or if >> you feel that a member's post is inappropriate, please contact the owners or >> moderators directly rather than posting on the list itself. >> >> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: >> macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you >> can reach Cara at caraqu...@caraquinn.com >> >> The archives for this list can be searched at: >> http://www.mail-archive.com/macvisionaries@googlegroups.com/ >> --- >> You received this message because you are subscribed to the Google Groups >> "MacVisionaries" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to macvisionaries+unsubscr...@googlegroups.com. >> To post to this group, send email to macvisionaries@googlegroups.com. >> Visit this group at https://groups.google.com/group/macvisionaries. >> For more options, visit https://groups.google.com/d/optout. > > > > -- > > Janina Sajka, Phone: +1.443.300.2200 > sip:jan...@asterisk.rednote.net > Email: jan...@rednote.net > > Linux Foundation Fellow > Executive Chair, Accessibility Workgroup: http://a11y.org > > The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI) > Chair, Accessible Platform Architectures http://www.w3.org/wai/apa > > -- > The following information is important for all members of the Mac Visionaries > list. > > If you have any questions or concerns about the running of this list, or if > you feel that a member's post is inappropriate, please contact the owners or > moderators directly rather than posting on the list itself. > > Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: > macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you > can reach Cara at caraqu...@caraquinn.com > > The archives for this list can be searched at: > http://www.mail-archive.com/macvisionaries@googlegroups.com/ > --- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to macvisionaries+unsubscr...@googlegroups.com. > To post to this group, send email to macvisionaries@googlegroups.com. > Visit this group at https://groups.google.com/group/macvisionaries. > For more options, visit https://groups.google.com/d/optout. -- The following information is important for all members of the Mac Visionaries list. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you can reach Cara at caraqu...@caraquinn.com The archives for this list can be searched at: http://www.mail-archive.com/macvisionaries@googlegroups.com/ --- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to macvisionaries+unsubscr...@googlegroups.com. To post to this group, send email to macvisionaries@googlegroups.com. Visit this group at https://groups.google.com/group/macvisionaries. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: Message signed with OpenPGP
