I have an iptables file which blocks all traffic except traffic from networks 
allocated by ARIN or that are Legacy networks. I pulled the information from 
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml

My iptables script can be found at the link below. 

http://help.nyigc.net/tmp/iptables_geoblock
        
It might be helpful to someone.

-----Original Message-----
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Stefan Gofferje
Sent: Thursday, March 27, 2014 2:13 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] Numbers hackers call

On 03/26/2014 05:05 PM, Michelle Dupuis wrote:
> I see a lot of attempts by hackers to call 00972595301123 or 
> 011972595115207 or variations but that same 972595 is often present.
> 
> 
> Can someone break down that dial string with an explanation?  The 011 
> looks like an overseas call (from Americas), while the 972595XXXXXX is 
> unclear...

Those lame hacking attempts aren't the big issue - unless you have an insecure 
SIP-PBX. Germany just got hit with a wave of hacks of Fritz!Box home routers 
with integrated SIP, causing hundreds of thousands in damage.
The big issue is that the ISPs worldwide don't give a crap about complaints! 
And that's not only some backwater-ISPs in some 3rd world countries! It's 
mainly the big names, like Hetzner, L3, etc. who - oh well, yeah - send you an 
autoreply but in the end don't bother doing anything.
Just recently there was an article, again in a German IT-newsticker, about Hetzner's 
"abuse handling". They just forward the complaint to their customer, including 
full contact data - which is pretty much illegal (privacy protection, etc.) - 
but they don't follow up.

I got so fed up that I now put the top 20 of attacking IPs on my website...

Current top 5:
1. iWeb (Canada)
2. Level 3 (USA)
3. Dacom (S-Korea)
4. Intergenia (Germany)
5. OVH (France)

See http://stefan.gofferje.net/it-stuff/sipfraud

Really, if everybody would run statistics on attacks and publish them, those 
ISPs would pretty quickly not only start reacting to fouled servers but 
probably start monitoring proactively because being in the top 20 of 
attacker-IPs ain't good for their reputation...

-S

-- 
 (o_   Stefan Gofferje            | SCLT, MCP, CCSA
 //\   Reg'd Linux User #247167   | VCP #2263
 V_/_  Heckler & Koch - the original point and click interface
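
Added example, not part of the thread and not the script linked in the reply at the top: one way to derive a default-drop iptables allowlist from the IANA IPv4 registry that reply cites. The CSV column layout, the sample rows, and the reading of "allocated by ARIN or Legacy" as "designation ARIN with status ALLOCATED, or status LEGACY" are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample rows in the assumed column layout of IANA's IPv4
# address space registry CSV export (illustrative, not a registry copy).
SAMPLE_REGISTRY = """\
Prefix,Designation,Date,WHOIS,RDAP,Status [1],Note
003/8,Administered by ARIN,1994-05,whois.arin.net,,LEGACY,
005/8,RIPE NCC,2010-11,whois.ripe.net,,ALLOCATED,
010/8,IANA - Private Use,1995-06,,,RESERVED,"Reserved for
private use"
023/8,ARIN,2010-11,whois.arin.net,,ALLOCATED,
043/8,Administered by APNIC,1991-01,whois.apnic.net,,LEGACY,
"""


def allowed_networks(registry_csv):
    """Return the /8 blocks that are ARIN-allocated or LEGACY (assumed reading)."""
    nets = []
    for row in csv.DictReader(io.StringIO(registry_csv)):
        # The status header carries a footnote marker ("Status [1]"),
        # so locate the column by its prefix instead of an exact name.
        status = next(v for k, v in row.items() if k.startswith("Status"))
        status = status.strip().upper()
        designation = row["Designation"].strip()
        if status == "LEGACY" or (designation == "ARIN" and status == "ALLOCATED"):
            first_octet, length = row["Prefix"].split("/")
            # "003/8" -> 3.0.0.0/8; int() drops the registry's zero padding.
            nets.append(ipaddress.ip_network(f"{int(first_octet)}.0.0.0/{int(length)}"))
    return nets


def render_ruleset(nets):
    """Render iptables-restore input: INPUT defaults to DROP, allowlisted sources ACCEPT."""
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        # Keep loopback and replies to outbound connections working.
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    lines += [f"-A INPUT -s {net} -j ACCEPT" for net in nets]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_ruleset(allowed_networks(SAMPLE_REGISTRY)), end="")
```

The registry works at /8 granularity and does not track later inter-registry transfers, so a list built this way is a coarse filter that needs regenerating when the registry changes.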

