[VoiceOps] DID's + Asterisk Security

Peter Beckman beckman at angryox.com
Tue Aug 4 15:17:28 EDT 2009

On Tue, 4 Aug 2009, J. Oquendo wrote:

> While not operational (per-se) I wanted to post these questions...
> 1) Anyone have a reliable source for a) Canadian DID's

  Les.net is based in Canada.  Small shop, but always responsive.
  Vitelity has Canada, but not huge coverage.

> 2) I've slapped together a creative honeypot for Asterisk if anyone else
> is seeing those pesky little scans...

  I love sshguard.  It's a misleading name to a powerful tool.  I've been
  trying to determine an easy way to use sshguard
  (http://sshguard.sourceforge.net/) to scan Asterisk's verbose log and
  block those who scanneth thou on demand.  I think the answer is socat
  (http://www.dest-unreach.org/socat/doc/socat.html), but I haven't put the
  time back into trying it again.

  My initial attempt was using sshguard to block web scans:

     tail -n0 -F httpd.log | sed -n -E 's/^(.+?) .+ 404 .+$/\1 404 access denied/p' | sshguard -a 100 -s 60 -p 1200

  But there are too many pipes involved.  socat is my next attempt.

Peter Beckman                                                  Internet Guy
beckman at angryox.com                                 http://www.angryox.com/

More information about the VoiceOps mailing list