On Feb 27, 2009, at 1:04 PM, voip-aster...@maximumcrm.com wrote:

>>> I'd suggest to everyone to ban that IP, it's been scanning our
>>> networks from time to time, in a sequential manner by IP.
>>
>> I've had really good luck with this:
>>
>> http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
>>
>> Basically, it automatically blackholes via IPtables any host that
>> fails a certain number of registration attempts in a given period.
>
> Yeah we're actually rolling it out on all of our production servers,
> it's a great application to run.
>
> I'm working on some scripts to propagate the bans to the firewall so
> that all of the servers get protected as soon as possible.
>
>> [default]
>> ; Send any unauthenticated calls to the local FBI office
>> context=local-fbi-office
>>
>> I've got a honeypot server that pretty much accepts any calls that
>> come through, and plays a "Thank you for calling the
>> Telecommunications Fraud hotline. Please stay online for the next
>> available representative." If they stay online for more than 20
>> seconds, it connects them to an agent at the FBI that we have been
>> working with.
>>
>> I've been meaning to add some code in that pulls out the
>> originating IP address of the call and tells it to the agent when
>> we call. :)
>
> That would be great to have!

This sounds very much like the framework I discussed at the last
astridevcon in September. I've had no time to work on it, but it
sounds like you're already making progress.

http://astridevcon.pbwiki.com/Network-Security-Framework

Would you be interested in making your work more integral to Asterisk,
so that it can be a generic security policy model for all channel
methods, starting with SIP? Or is the scrape-from-logfile method
sufficient for your needs?

JT

---
John Todd                       email:jt...@digium.com
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW - Huntsville AL 35806 - USA
direct: +1-256-428-6083         http://www.digium.com/
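
The scrape-from-logfile method discussed in this thread, as an added example that is not part of the original messages and is not Fail2Ban's own code: it counts failed SIP registrations per source address inside a sliding window and reports the addresses that cross a threshold. The log lines are constructed samples in the style of chan_sip NOTICE messages; find_offenders, max_retry, find_time and the assumed year are hypothetical choices made for this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the style of Asterisk chan_sip NOTICE lines (not real traffic).
SAMPLE_LOG = """\
[Feb 27 13:00:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[Feb 27 13:00:03] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.7' - No matching peer found
[Feb 27 13:00:04] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.23' - Wrong password
[Feb 27 13:00:06] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.7:5060' - No matching peer found
[Feb 27 13:02:30] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.23' - Wrong password
[Feb 27 13:05:10] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.23' - Wrong password
[Feb 27 13:05:11] NOTICE[2101] chan_sip.c: Peer '300' is now Reachable. (12ms / 2000ms)
"""

# The From header is sender-supplied, so the leading .* is greedy and the
# pattern is anchored at the end: the address captured is the one Asterisk
# appended itself. Newer releases log 'ip:port', hence the optional port.
FAILED_REG = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from '.*'"
    r" failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - .+$"
)


def find_offenders(lines, max_retry=3, find_time=timedelta(seconds=60), year=2009):
    """Return {ip: time of the failure that crossed the threshold}."""
    # Assumption: the log carries no year, so one is supplied by the caller;
    # a window that spans New Year is not handled.
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    offenders = {}
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue  # not a failed registration
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()  # drop failures older than the window
        if len(window) >= max_retry:
            offenders.setdefault(m["ip"], ts)
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{when:%b %d %H:%M:%S} threshold reached: {ip}")
```

The sketch stops at detection; the ban itself, and propagating it to other servers, is left to whatever firewall tooling is in use.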