[VoiceOps] DID's + Asterisk Security
Peter Beckman
beckman at angryox.com
Tue Aug 4 15:17:28 EDT 2009
On Tue, 4 Aug 2009, J. Oquendo wrote:
>
> While not operational (per-se) I wanted to post these questions...
>
> 1) Anyone have a reliable source for a) Canadian DID's
Les.net is based in Canada. Small shop, but always responsive.
Vitelity has Canada, but not huge coverage.
> 2) I've slapped together a creative honeypot for Asterisk if anyone else
> is seeing those pesky little scans...
I love sshguard. It's a misleading name to a powerful tool. I've been
trying to determine an easy way to use sshguard
(http://sshguard.sourceforge.net/) to scan Asterisk's verbose log and
block those who scanneth thou on demand. I think the answer is socat
(http://www.dest-unreach.org/socat/doc/socat.html), but I haven't put the
time back into trying it again.
My initial attempt was using sshguard to block web scans:
tail -n0 -F httpd.log | sed -n -E 's/^(.+?) .+ 404 .+$/\1 404 access denied/p' | sshguard -a 100 -s 60 -p 1200
But there are too many pipes involved. socat is my next attempt.
Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman at angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
More information about the VoiceOps
mailing list