[asterisk-users] SIP Blacklisting

2010-10-21 Thread Steve Howes
Hi, Given the recent increase in SIP brute force attacks, I've had a little idea. The standard scripts that block after X attempts work well to prevent you actually being compromised, but once you've been 'found' then the attempts seem to keep coming for quite some time. Older versions of

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Andrew Latham
Always start here... http://www.spamhaus.org/drop/ If the AS is stolen, you can block the network and never have to worry about it... ~ Andrew lathama Latham lath...@gmail.com * Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software * Learn more about Linux

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Jeff LaCoursiere
On Thu, 21 Oct 2010, Steve Howes wrote: Hi, Given the recent increase in SIP brute force attacks, I've had a little idea. The standard scripts that block after X attempts work well to prevent you actually being compromised, but once you've been 'found' then the attempts seem to keep

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Andrew Latham
With CRON or as an init.d you can do many things... http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ#116 ~ Andrew lathama Latham lath...@gmail.com * Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software * Learn more about Linux http://en.wikipedia.org/wiki/Linux *

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Zeeshan Zakaria
I was thinking on the same lines, i.e. set up a server which will be regularly updated with these bad IP addresses, and anybody looking to block bad IPs will be able to get this list from here. For example when I get mail from Fail2Ban (which I am getting more and more every day now), a copy would

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Steve Howes
On 21 Oct 2010, at 16:54, Jeff LaCoursiere wrote: I'll subscribe, that is for sure. What is the best way to dist the blacklist? iptables include file? Or something more integrated to asterisk... just thinking off the top of my head that a module that vetted inbound connections against

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Cary Fitch
: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Steve Howes Sent: Thursday, October 21, 2010 10:41 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [asterisk-users] SIP Blacklisting Hi, Given the recent increase in SIP

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Jeff LaCoursiere
On Thu, 21 Oct 2010, Andrew Latham wrote: Always start here... http://www.spamhaus.org/drop/ If the AS is stolen, you can block the network and never have to worry about it... ~ Andrew lathama Latham lath...@gmail.com I guess you are assuming that spam networks should be included in

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread David F Newman
On 10/21/10 12:07 PM, Steve Howes steve-li...@geekinter.net wrote: On 21 Oct 2010, at 16:54, Jeff LaCoursiere wrote: I'll subscribe, that is for sure. What is the best way to dist the blacklist? iptables include file? Or something more integrated to asterisk... just thinking off the top

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Steve Howes
On 21 Oct 2010, at 17:03, Zeeshan Zakaria wrote: But the problem is how to make sure that only legitimate users are contributing to this list. Contributors to this list somehow need to verify to an admin that they are not hackers, and this is the hard part. I was thinking of having a threshold

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Jeff LaCoursiere
On Thu, 21 Oct 2010, Steve Howes wrote: On 21 Oct 2010, at 16:54, Jeff LaCoursiere wrote: I'll subscribe, that is for sure. What is the best way to dist the blacklist? iptables include file? Or something more integrated to asterisk... just thinking off the top of my head that a module

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Steve Howes
On 21 Oct 2010, at 17:32, Jeff LaCoursiere wrote: I agree in principle - some cron job pulling the list by http would certainly be simple. But just to continue my thoughts to the brick wall, I don't see a lookup adding latency to the call other than what should be a very brief addition to

Re: [asterisk-users] SIP Blacklisting

2010-10-21 Thread Andrew Latham
Always start here... http://www.spamhaus.org/drop/ If the AS is stolen, you can block the network and never have to worry about it... I guess you are assuming that spam networks should be included in the blacklist by default? I'm not sure that is a good assumption. Some of my customer