Monday, March 2, 2009

Re: [asterisk-biz] Fraud alert

What about tying this to a program called denyhosts? It works great for
banning systems that attempt connections via ssh. I doubt that it'd be
terribly hard to integrate so that sip and iax2 could be blocked also.
It also has the ability to share block lists among systems.

Darren Wiebe
darren@aleph-com.net

John Todd wrote:
> On Feb 27, 2009, at 1:04 PM, voip-asterisk@maximumcrm.com wrote:
>
>
>>>> I'd suggest to everyone to ban that IP, it's been scanning our networks
>>>> from time to time, in a sequential manner by IP.
>>>>
>>> I've had really good luck with this:
>>>
>>> http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
>>>
>>> Basically, it automatically blackholes via IPtables any host that fails a
>>> certain number of registration attempts in a given period.
>>>
>> Yeah we're actually rolling it out on all of our production servers, it's
>> a great application to run.
>>
>> I'm working on some scripts to propagate the bans to the firewall so that
>> all of the servers get protected as soon as possible.
>>
>>
>>> [default]
>>> ; Send any unauthenticated calls to the local FBI office
>>> context=local-fbi-office
>>>
>>> I've got a honeypot server that pretty much accepts any calls that come
>>> through, and plays a "Thank you for calling the Telecommunications Fraud
>>> hotline. Please stay online for the next available representative." If they
>>> stay online for more than 20 seconds, it connects them to an agent at the
>>> FBI that we have been working with.
>>>
>>> I've been meaning to add some code in that pulls out the originating IP
>>> address of the call and tells it to the agent when we call. :)
>>>
>> That would be great to have!
>>
>
>
>
> This sounds very much like the framework I discussed at the last
> astridevcon in September. I've had no time to work on it, but it
> sounds like you're already making progress.
>
> http://astridevcon.pbwiki.com/Network-Security-Framework
>
> Would you be interested in making your work more integral to Asterisk,
> so that it can be a generic security policy model for all channel
> methods, starting with SIP? Or is the scrape-from-logfile method
> sufficient for your needs?
>
> JT
>
>
> ---
> John Todd email:jtodd@digium.com
> Digium, Inc. | Asterisk Open Source Community Director
> 445 Jan Davis Drive NW - Huntsville AL 35806 - USA
> direct: +1-256-428-6083 http://www.digium.com/
>
>
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
>

