Monday, March 16, 2009

Re: [asterisk-biz] PBX Hacker IP List

> I would like to pool our resources and start an IP list of known PBX
> Hackers. As a US service provider I get hit pretty often with bots
> trying brute force username/password attacks, mostly coming from overseas.
> I had several attacks this weekend and it got me thinking about a list that
> could benefit the community. There was a great discussion about Asterisk
> security on the "PBX Got Hacked" thread over the past couple of weeks and
> someone did mention this type of list.
>
> I do not want to re-invent the wheel, is there such a list already
> established that I may contribute to? If not, I would not mind hosting a
> list on my website. I know there will be some particulars to be worked out,
> list format, qualifying list entries, how the list will be updated, removing
> entries, and items I haven't thought about.

I think a good starting point on how to handle this project would be
www.projecthoneypot.org

I don't think that there is an existing blacklist for Asterisk, though.

> Are there any legal pitfalls with hosting such a list?

IANAL, but you'll need a very strong disclaimer concerning the
risk of blocking good calls.

No matter how the system is set up, there should be a way to easily add
known-good IPs as they relate to a particular installation.
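
The per-installation override suggested in the reply above, sketched as an added example that is not part of the original post: a local known-good list is checked before the shared list, so a trusted peer inside a listed range is still accepted. The list format, the names and the addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data using documentation address ranges, not real offenders.
SHARED_BLOCKLIST = """\
# shared community list (hypothetical format: one IP or CIDR per line)
198.51.100.0/24
203.0.113.45
not-an-ip
"""
LOCAL_ALLOWLIST = """\
# known-good peers for this particular installation
198.51.100.17   # SIP trunk provider
"""

def parse_networks(text):
    """Return (networks, rejected_entries); comments and blank lines are skipped."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Malformed entries are reported instead of silently widening a block.
            rejected.append(entry)
    return nets, rejected

def decide(source_ip, blocklist, allowlist):
    """The local allowlist wins over the shared list; unlisted sources are allowed."""
    addr = ipaddress.ip_address(source_ip)
    if any(addr in net for net in allowlist):
        return "allow (local known-good)"
    if any(addr in net for net in blocklist):
        return "block (shared list)"
    return "allow (not listed)"

BLOCKED, BAD_ENTRIES = parse_networks(SHARED_BLOCKLIST)
ALLOWED, _ = parse_networks(LOCAL_ALLOWLIST)

if __name__ == "__main__":
    for ip in ("198.51.100.17", "198.51.100.99", "203.0.113.45", "192.0.2.10"):
        print(ip, "->", decide(ip, BLOCKED, ALLOWED))
    print("rejected entries:", BAD_ENTRIES)
```
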

