On Tue, Jul 1, 2008 at 11:56 AM, Kristian Kielhofner <[EMAIL PROTECTED]> wrote: > On 7/1/08, randulo <[EMAIL PROTECTED]> wrote: >> Hi all, >> >> As I mentioned briefly in the SIP takeover thread, I'd like to try to >> talk about security this coming Friday. I realize it is a holiday in >> the USA, but do geeks ever take a day off, especially >> security-conscious geeks? Mark Spencer once said "The Bug Tracker is >> never on vacation!". >> >> We will try to start this subject this Friday, but I have no >> experience at all with this. If you know anyone who is good in this >> area and would like to share their expertise and talk about security >> in the asterisk and voip contexts, I'd like to hear from them, >> especially next Friday July 4th. >> >> tia, >> >> Randy >> > > Randy, > > I'd love to participate as long as no one minds me calling in from > the beach... :) > > I'm interested in developing my SIP DoS script (and any similar > solutions). While I'm reluctant to claim that it or anything like it > could protect from a true DoS, it would offer some protection at the > application level and that could make all the difference in some > instances... > > As far as wider Asterisk/security issues I think J. Oquendo would be > a great guest (hint, hint). > > -- > Kristian Kielhofner > NOT sent from my iPhone or Blackberry >
"NOT sent from my iPhone or Blackberry" very funny, you could add the typed with my thumbs line too. :) As far as your DoS script, do you have a general idea on how the conept would work? Would you just drop the packets from the offending IPs? For security, how about an authentication retry setting in the sip configuration? After X amounts of failed auth or registration attempts, block IP for Y amount of time. It would seem fairly easy to do using realtime with DB entries for IP blocks and expiration. Then a quick query of the same tables would allow an admin to put in permanent rules on a firewall or ACL and also contact that ISP's abuse dept. Thanks, Steve T _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
