Sunday, March 1, 2009

Re: [asterisk-biz] Fraud alert

On Feb 27, 2009, at 1:04 PM, voip-asterisk@maximumcrm.com wrote:

>>> I'd suggest to everyone to ban that IP, it's been scanning our networks
>>> from time to time, in a sequential manner by IP.
>>
>> I've had really good luck with this:
>>
>> http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
>>
>> Basically, it automatically blackholes via IPtables any host that fails a
>> certain number of registration attempts in a given period.
>
> Yeah we're actually rolling it out on all of our production servers, it's
> a great application to run.
>
> I'm working on some scripts to propagate the bans to the firewall so that
> all of the servers get protected as soon as possible.
>
>> [default]
>> ; Send any unauthenticated calls to the local FBI office
>> context=local-fbi-office
>>
>> I've got a honeypot server that pretty much accepts any calls that come
>> through, and plays a "Thank you for calling the Telecommunications Fraud
>> hotline. Please stay online for the next available representative." If they
>> stay online for more than 20 seconds, it connects them to an agent at the
>> FBI that we have been working with.
>>
>> I've been meaning to add some code in that pulls out the originating IP
>> address of the call and tells it to the agent when we call. :)
>
> That would be great to have!

This sounds very much like the framework I discussed at the last
astridevcon in September. I've had no time to work on it, but it
sounds like you're already making progress.

http://astridevcon.pbwiki.com/Network-Security-Framework

Would you be interested in making your work more integral to Asterisk,
so that it can be a generic security policy model for all channel
methods, starting with SIP? Or is the scrape-from-logfile method
sufficient for your needs?

JT


---
John Todd email:jtodd@digium.com
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW - Huntsville AL 35806 - USA
direct: +1-256-428-6083 http://www.digium.com/

