On Mon, Apr 12, 2010 at 04:58:42PM -0500, JR Richardson wrote: > >>> Perhaps if there was a Asterisk RBL we could all contribute to; for > >>> which we could then hook into and drop any connection where a > >>> source IP is listed ? -- Thanks, Phil > >>> > >> > >> I love the idea of a RBL... count me in for contributing. > >> > >> Especially considering the ridiculous response I received from > >> Amazon. (Basically told me to submit host, destination, port, proto, > >> and log... which of course was already included in the original > >> complaint) > > > > I don't think anyone else brought up the Spamhaus DROP project. It's a > > blacklist of IP addresses and address ranges which are known to ONLY be > > used for malicious purposes. > > > > http://www.spamhaus.org/drop/
This is for really bad spammers. In our case it would be used to block Amazon AWS in the (completely unlikely!) case that they would do nothing about those cases. > > > > We could establish something similar to that for VOIP attacks. It may > > not be exactly a trivial system to maintain such a list. (removing IP's > > after X amount of time, disputing false claims etc). Maybe someone > > could contact spamhaus to create a list for VOIP since they seem to have > > a nice system in place? > > > Hi All, good discussion, similar to ones we had a year or so ago. The > RBL concept is valid, at least to get a repository going that list > malicious activity specific to SIP attacks. > n > I worked with Project Honeypot guys for a while, they are more than > willing to assist, as they already have the backend work done for a > clearing house identifying hackers. The biggest issue we had a year > ago was to create the mechanism in asterisk to push valid log messages > out to the database and then determine what to do with that data? > > I tried to bridge the gap between a few Asterisk developers and the > Honeypot developers, ultimately the project stalled and I got busy > with other matters. If anyone here would like to pick up the torch > and move this along, I can certainly provide info on how far along we > got and contact info for the parties involved. > > Please contact me if you have time to work on this and are interested. > I'm sure the Project Honeypot guys will be willing to pick this > project back up and work on it. I've been bitten too many times by over-jelous anti-spam black lists. It's easy to get in. More difficult to be removed. And heck, I can easily get set up a few servers in Amazon which will generate faked logs of "attacks" from your server, if I want to shut your phone system for a couple of days. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users