Thursday, March 5, 2009

Re: [asterisk-biz] Fraud alert

Could you please provide the list of Ban IP's doing this fraud?

Sikander

John Todd wrote: 
On Feb 27, 2009, at 1:04 PM, voip-asterisk@maximumcrm.com wrote:    
I'd suggest to everyone to ban that IP, it's been scanning our   networks from time to time, in a sequential manner by IP.         
I've had really good luck with this:  http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk  Basically, it automatically blackhols via IPtables any host that   fails a certain number of registration attempts in a given period.       
Yeah we're actually rolling it out on all of our production servers,   it's a great application to run.  I'm working on some scripts to propagate the bans to the firewall so   that all of the servers get protected as soon as possible.      
[default] ; Send any unauthenticated calls to the local FBI office context=local-fbi-office  I've got a honeypot server that pretty much accepts any calls that   come through, and plays a "Thank you for calling the Telecommunications   Fraud hotline. Please stay online for the next available representative."   If they stay online for more than 20 seconds, it connects them to an agent   at the FBI that we have been working with.  I've been meaning to add some code in that pulls out the   originating IP address of the call and tells it to the agent when we call. :)       
That would be great to have!     
   This sounds very much like the framework I discussed at the last   astridevcon in September.  I've had no time to work on it, but it   sounds like you're already making progress.     http://astridevcon.pbwiki.com/Network-Security-Framework  Would you be interested in making your work more integral to Asterisk,   so that it can be a generic security policy model for all channel   methods, starting with SIP?  Or is the scrape-from-logfile method   sufficient for your needs?  JT   --- John Todd                       email:jtodd@digium.com Digium, Inc. | Asterisk Open Source Community Director 445 Jan Davis Drive NW -  Huntsville AL 35806  -   USA direct: +1-256-428-6083         http://www.digium.com/     _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com--  asterisk-biz mailing list To UNSUBSCRIBE or update options visit:    http://lists.digium.com/mailman/listinfo/asterisk-biz
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)