Check out this website, TJ: http://www.wizcrafts.net/chinese-iptables-blocklist.html
That should help you if you do servers, and you probably can add these spam IPs inside of MK.

Tim

From: Af [mailto:af-boun...@afmug.com] On Behalf Of TJ Trout
Sent: Friday, February 27, 2015 2:21 PM
To: af@afmug.com
Subject: Re: [AFMUG] PBX gone crazy? PBX ddos?
Importance: Low

So I made a firewall rule to drop any traffic going to and from the subnet that was attacking them. It stopped LAN traffic but it's still saturating the WAN, so I moved the rule from the customer's firewall to my core router. No other way unless I have my upstream null it? I guess the best solution is to find out the networks the SIP provider uses and whitelist those and block everything else?

On Feb 27, 2015 11:06 AM, "That One Guy" <thatoneguyst...@gmail.com> wrote:

People don't take phone security seriously enough, until they get the bills for the overseas calls.

On Fri, Feb 27, 2015 at 12:33 PM, Tim Reichhart <t...@nwohiobb.com> wrote:

This is why you want to run your PBX under a hard firewall. They do make one small firewall just for PBX: http://www.pikatechnologies.com/english/view.asp?x=1294

Tim

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy
Sent: Friday, February 27, 2015 1:22 PM
To: af@afmug.com
Subject: Re: [AFMUG] PBX gone crazy? PBX ddos?
Importance: Low

We have been seeing a lot of PBX malicious activity lately, Panasonic in particular.

On Fri, Feb 27, 2015 at 12:02 PM, TJ Trout <t...@voltbb.com> wrote:

Yes, they must be hacked. Although no calls were placed through the trunk, weird.

On Fri, Feb 27, 2015 at 9:44 AM, Tim Reichhart <t...@nwohiobb.com> wrote:

TJ

After looking up that dst IP: https://www.google.com/search?q=http%3A%2F%2Fwww.poneytelcom.eu%2F&ie=utf-8&oe=utf-8

Why would your customer be using IPs to London for SIP calling unless their PBX got hacked?

Tim

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tim Reichhart
Sent: Friday, February 27, 2015 12:30 PM
To: af@afmug.com
Subject: Re: [AFMUG] PBX gone crazy? PBX ddos?

TJ

What kind of IP PBX are they using? Also, are they doing the HD calling? Because some IP PBXs allow you to add that G.711 code in it.

Tim

From: Af [mailto:af-boun...@afmug.com] On Behalf Of TJ Trout
Sent: Friday, February 27, 2015 12:19 PM
To: af@afmug.com
Subject: [AFMUG] PBX gone crazy? PBX ddos?

I have a customer with an IP PBX that all of a sudden is using 100% of their available upload and download capacity. When I torch them it shows as 4 SIP connections but using way more bandwidth than a regular SIP connection?

http://s7.postimg.org/qy3n03ljv/Untitled.png

Anyone ever seen something like this?

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.