On Sun, 11 Apr 2010, --[ UxBoD ]-- wrote:

> In the end I set up OSSEC (http://www.ossec.net) and wrote a rule that
> would monitor for failed SIP registrations. If a few occurred within a
> short space of time the Active Response kicks in and blocks the IP
> address using IPTables.
> --
> Thanks, Phil

Cheers - but it's not blocking that's the real issue, that's trivial in my router or on the PBX, it's that my monthly ADSL data cap is being used up and my ISP is not responding (actually, they might if I phone them, but it's not desperate right now as I'm unlimited at the weekend), and neither is Amazon.

My current monthly peak-time cap is 45GB - 8am to 8pm and they seem to be eating up some 7-10GB a day... So I might actually be OK and can just "weather it out", but it's still annoying.

I'm tempted to just block all of Amazon's EC2 and say to hell with them. Shouldn't be too hard to track them down - e.g. from whois on that IP:

    NetRange: 72.44.32.0 - 72.44.63.255
    CIDR:     72.44.32.0/19
    NetName:  AMAZON-EC2-2

    NetRange: 75.101.128.0 - 75.101.255.255
    CIDR:     75.101.128.0/17
    NetName:  AMAZON-EC2-4

    NetRange: 67.202.0.0 - 67.202.63.255
    CIDR:     67.202.0.0/18
    NetName:  AMAZON-EC2-3

    NetRange: 174.129.0.0 - 174.129.255.255
    CIDR:     174.129.0.0/16
    NetName:  AMAZON-EC2-5

    NetRange: 204.236.128.0 - 204.236.255.255
    CIDR:     204.236.128.0/17
    NetName:  AMAZON-EC2-6

    NetRange: 184.72.0.0 - 184.73.255.255
    CIDR:     184.72.0.0/15
    NetName:  AMAZON-EC2-7

(so much for running out of IPv4 address space when Amazon has millions)

And there are well-known published lists from all Chinese hosts, etc. too. Easy enough to cook up iptables to allow data from sites I connect out to, but block all incoming new connections.

Gordon
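
The ruleset described in the last paragraph of the message above, written out as an added example that is not part of the original thread: a shell function that prints iptables-restore input dropping the six EC2 ranges quoted from whois, accepting replies to outbound connections, and refusing other new inbound connections. The `LAN_NET` subnet and the use as a host firewall on the PBX itself are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not load it.

# EC2 ranges exactly as quoted from whois in the message (2010 allocations).
EC2_RANGES="72.44.32.0/19 75.101.128.0/17 67.202.0.0/18 174.129.0.0/16 204.236.128.0/17 184.72.0.0/15"

# Assumption: trusted LAN whose phones may open new connections to the PBX.
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Shape check only (a.b.c.d/0-32), so a typo never ends up inside a rule;
# iptables-restore still does the real address validation.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

build_rules() {
    # Validate everything first so a bad entry never yields a partial ruleset.
    for net in $EC2_RANGES $LAN_NET; do
        valid_cidr "$net" || { echo "bad CIDR: $net" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default: refuse new inbound connections
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # EC2 drops sit above the ESTABLISHED rule so they also cut flows that
    # conntrack already tracks, not just new connection attempts.
    for net in $EC2_RANGES; do
        echo "-A INPUT -s $net -j DROP"
    done
    # Replies to connections this host opened ("sites I connect out to").
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New connections are accepted from the trusted LAN only.
    echo "-A INPUT -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT"
    echo "COMMIT"
}

# Usage (as root): build_rules | iptables-restore --test
```

Dropping on the PBX stops it answering these hosts, but the inbound packets have already crossed the ADSL link by the time the rule sees them.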