> On Tue, Mar 24, 2009 at 8:10 AM, Tilghman Lesher
> <tilgh...@mail.jeffandtilghman.com> wrote:
>> There are 4 billion possible IP addresses. To successfully block all possible
>> hackers, you must block 4 billion of them. Seriously. Even your own computer
>> is a possible source of hacking to other locations.
>
> In that case, why not just pull the ethernet cable from the router?
> That will block all spam, hacker attempts and viruses free.
>
> I use spamcop.net for email blocking and it works very well,
> especially if you participate by feeding the list. I've reported over
> 30,000 spam emails. Spamcop processes the headers intelligently and it
> figures out the actual originating IP. There is no reason why a
> properly formed list couldn't be helpful. It wouldn't put an end to
> problems, but it could be one arm in a defensive system.
>
You are assuming that Asterisk even notifies you of a bad SIP extension. Currently, I have only seen the 1.4 and earlier branches report if the SIP fails to connect with an established authentication/secret key or heaven forbid, a registered phone doesn't match the digest. (which fails registration only to be successfully registered again...pointless)

If I go after my server with SJPhone on a Direct SIP call and a bogus line, with verbose set to 100, I get this cryptic message.

[Mar 24 07:43:51] NOTICE[6061]: chan_sip.c:14634 handle_request_invite: Call from '' to extension '34235' rejected because extension not found.

{yes, there is nothing in-between the quotes, I didn't remove it, this is how it is}

and then shortly thereafter

[Mar 24 07:44:11] WARNING[6061]: chan_sip.c:1976 retrans_pkt: Maximum retries exceeded on transmission 699D070E58644E7CA07285C71673D5100xc0a8a864 for seqno 1 (Critical Response) -- See doc/sip-retransmit.txt.

Needless to say this is after 7-8 SIP 404 messages have been sent for the same thing, so I get no idea of how many attempts are made. There are many SIP responses I have seen on trace routes that are not even displayed like 484. My verbose level may not have been sufficient, I realize, but it is kind of spooky. Sure 484 is useful, but hacker friendly.

Any attempt to get Asterisk hacker proof has to start with notification otherwise I am fighting ghosts.

So being a person that seeks solutions and not problems, what about a logging option similar to the CDR or Apache2 logging. Best case, I provide Asterisk with a list of SIP codes I want to track. Asterisk then provides me with a log file indicating the details: Time Date IP address From To Result etc. Something standard so I can get a tool like fail2ban around the issue.
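Added example (not part of the original message, and not Asterisk or fail2ban code): a sketch of the detection a tool could run over the per-request log proposed above, counting tracked SIP result codes per source IP inside a sliding window. The record layout, the code list, the thresholds and the sample lines are all assumptions constructed for illustration; Asterisk does not emit this format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed record layout (hypothetical, following the field order proposed
# in the message): date time source-IP "from" "to" SIP-result-code
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) '
    r'"(?P<from>[^"]*)" "(?P<to>[^"]*)" (?P<code>\d{3})$'
)

TRACKED_CODES = {"401", "403", "404", "484"}  # operator-chosen SIP codes
MAX_FAILURES = 3                              # failures tolerated per window
FIND_TIME = timedelta(seconds=60)             # sliding window length

# Constructed sample log; addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2009-03-24 07:43:51 192.0.2.10 "" "34235" 404
2009-03-24 07:43:55 192.0.2.10 "" "34236" 404
2009-03-24 07:43:58 198.51.100.7 "101" "102" 200
2009-03-24 07:44:02 192.0.2.10 "" "34237" 484
2009-03-24 07:44:05 198.51.100.7 "101" "9999" 404
this line is malformed and must be skipped
2009-03-24 07:44:11 192.0.2.10 "" "34238" 404
2009-03-24 07:50:00 198.51.100.7 "101" "9998" 404
"""

def find_offenders(log_text, codes=TRACKED_CODES,
                   max_failures=MAX_FAILURES, find_time=FIND_TIME):
    """Return {ip: timestamp of the record that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> timestamps of tracked failures
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["code"] not in codes:
            continue              # unparsable line or untracked result
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # expire failures outside window
            window.popleft()
        if len(window) > max_failures and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{when} ban candidate {ip}")
```

The empty "from" field in the sample mirrors the empty caller in the NOTICE line quoted in the message; the source IP is the field that makes per-host counting possible at all.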