Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-29 Thread Tony Graziano
/ - Original Message - From: sipx-users-boun...@list.sipfoundry.org To: sipx-users@list.sipfoundry.org Sent: Mon Nov 29 14:54:10 2010 Subject: Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud On 11/29/10 2:51 PM, Tony Graziano wrote: > so I've begun >

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-29 Thread Michael Scheidell
On 11/29/10 2:51 PM, Tony Graziano wrote: so I've begun using snort inline with voip.rules, you doing that with pfsense? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Aw

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-29 Thread Tony Graziano
ent.net/gethelp/ - Original Message - From: sipx-users-boun...@list.sipfoundry.org To: sipx-users@list.sipfoundry.org Sent: Mon Nov 29 09:22:47 2010 Subject: Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud On 11/29/2010 7:30 AM, Tony Graziano wrote: > Why would i

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-29 Thread m...@grounded.net
Hey, I see part two, which I had not seen the other day :). On Mon, 29 Nov 2010 01:17:59 -0500, Tony Graziano wrote: > If you read my blog example (which you did), you'll see I gave you the >  > example already. >  > Tony Graziano, Manager > Telephone: 434.984.8430 > F

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-29 Thread m...@grounded.net
On Mon, 29 Nov 2010 01:17:59 -0500, Tony Graziano wrote: > If you read my blog example (which you did), you'll see I gave you the > example already. Yes, I have, just wondered if there are some other things that can (or should) be done. >  > Tony Graziano, Manager > 

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-29 Thread Gerald Drouillard
On 11/29/2010 7:30 AM, Tony Graziano wrote: > Why would it be if the remote connection was stateless? Off the top of my head, I am not sure. It may be how the program was written in this case. Just like the other person in the site I quoted earlier, the DROPs did not seem to work in a timely f

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-29 Thread Tony Graziano
Contract Customers: http://www.myitdepartment.net/gethelp/ - Original Message - From: sipx-users-boun...@list.sipfoundry.org To: Discussion list for users of sipXecs software Sent: Mon Nov 29 07:16:26 2010 Subject: Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud On 11

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-29 Thread Gerald Drouillard
On 11/29/2010 5:44 AM, Tony Graziano wrote: wget -qO - http://www.infiltrated.net/voipabuse/addresses.txt | awk '{print "iptables -A INPUT -s "$1" -j DROP"}' According to my experience (and others) it may be better to use REJECT if the attack is under way. -- Regards

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-29 Thread Tony Graziano
wget -qO - http://www.infiltrated.net/voipabuse/addresses.txt | awk '{print "iptables -A INPUT -s "$1" -j DROP"}' On Sun, Nov 28, 2010 at 10:39 PM, Gerald Drouillard wrote: > On 10/15/2010 12:08 PM, Gerald Drouillard wrote: > > I forget where I got the idea for this but you may want to try some

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-28 Thread Tony Graziano
If you read my blog example (which you did), you'll see I gave you the example already. Tony Graziano, Manager Telephone: 434.984.8430 Fax: 434.984.8431 Email: tgrazi...@myitdepartment.net LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 Fa

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-28 Thread m...@grounded.net
That's interesting. I'll have to dig around and see if pfsense has some limiters as part of its functions. I'm noticing more and more posts from people saying they have been hit by attacks. I hope more and more people will share their methods on protecting their sipx services. On Sun, 28 No

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-11-28 Thread Gerald Drouillard
On 10/15/2010 12:08 PM, Gerald Drouillard wrote: > I forget where I got the idea for this but you may want to try something > like this to limit the udp connections on 5060: > > FILE=/etc/rc.local > echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW > -m recent --set">>$FILE >

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-10-15 Thread Michael Scheidell
On 10/15/10 11:38 AM, R P Herrold wrote: > Emerging Threats blocks of DSHIELD listed ip's, their list of RBN's (Russian > Business Network) EC2 (list of amazon ec2 ip's) URL please -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 125

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-10-15 Thread Gerald Drouillard
On 10/15/2010 11:30 AM, Michael Scheidell wrote: > It might be time to gather all the suggestions together and post on > the wiki under the security heading, mostly for newbies, but also for > some of us old timers to refer to. > Maybe a quick outline of the problem(s) and overview of solutions >

Re: [sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-10-15 Thread Gerald Drouillard
I forget where I got the idea for this but you may want to try something like this to limit the udp connections on 5060: FILE=/etc/rc.local echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set">>$FILE echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m stat

[sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-10-15 Thread R P Herrold
On Fri, 15 Oct 2010, Michael Scheidell wrote: > Gerald's for voipblacklist (Gerald, I like this one. can > you get me contact information for admin?) I looked and pulled -- it seems to be a 'young' effort in that: - it lacks a 'in file' 'freshness' indicator - it lacks a statem

[sipx-users] security in depth: protecting sipx from dos/toll fraud

2010-10-15 Thread Michael Scheidell
It might be time to gather all the suggestions together and post on the wiki under the security heading, mostly for newbies, but also for some of us old timers to refer to. Maybe a quick outline of the problem(s) and overview of solutions (eg: generic port scanning for port 5060, specific attem