[VoiceOps] DID's + Asterisk Security
Hiers, David
David_Hiers at adp.com
Tue Aug 4 15:29:58 EDT 2009
I've always been a bit slow on the draw with the whole "reflexively block an address" thing.
It'd be just my luck to reflexively block one of my provider's addresses...
David Hiers
CCIE (R/S, V), CISSP
ADP Dealer Services
2525 SW 1st Ave.
Suite 300W
Portland, OR 97201
o: 503-205-4467
f: 503-402-3277
-----Original Message-----
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Peter Beckman
Sent: Tuesday, August 04, 2009 12:17 PM
To: J. Oquendo
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] DID's + Asterisk Security
On Tue, 4 Aug 2009, J. Oquendo wrote:
>
> While not operational (per-se) I wanted to post these questions...
>
> 1) Anyone have a reliable source for a) Canadian DID's
Les.net is based in Canada. Small shop, but always responsive.
Vitelity has Canada, but not huge coverage.
> 2) I've slapped together a creative honeypot for Asterisk if anyone
> else is seeing those pesky little scans...
I love sshguard. It's a misleading name to a powerful tool. I've been
trying to determine an easy way to use sshguard
(http://sshguard.sourceforge.net/) to scan Asterisk's verbose log and
block those who scanneth thou on demand. I think the answer is socat
(http://www.dest-unreach.org/socat/doc/socat.html), but I haven't put the
time back into trying it again.
My initial attempt was using sshguard to block web scans:
tail -n0 -F httpd.log | sed -n -E 's/^([^ ]+) .+ 404 .+$/\1 404 access denied/p' | sshguard -a 100 -s 60 -p 1200
But there are too many pipes involved. socat is my next attempt.
Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman at angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
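An added example, not part of the thread or either poster's code: a Python filter that pulls failed-registration sources out of Asterisk log lines, applies a rate threshold, and skips an allowlist so that a provider's addresses are never blocked. The chan_sip log layout, the allowlisted range, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed chan_sip NOTICE layout; newer Asterisk releases append ":port" to the address.
# The greedy '.*' binds to the LAST "failed for" in the line, the one Asterisk wrote,
# so text in the caller-supplied From header cannot substitute another address.
FAILED = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\].*?"
    r"Registration from '.*' failed for '(?P<ip>[0-9.]+)(?::\d+)?' - ")

# Hypothetical provider range that must never be blocked (documentation prefix).
ALLOW = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample log lines, not taken from the thread.
LINE_FMT = ("[Aug  4 12:%s] NOTICE[2112] chan_sip.c: Registration from "
            "'\"%s\" <sip:%s@198.51.100.20>' failed for '%s' - Wrong password")
SAMPLE = [LINE_FMT % (t, u, u, ip) for t, u, ip in [
    ("17:01", "100", "203.0.113.9"), ("17:02", "101", "203.0.113.9"),
    ("17:03", "102", "203.0.113.9"),                    # scanner: 3 in 3 s
    ("17:03", "trunk", "192.0.2.10"), ("17:04", "trunk", "192.0.2.10"),
    ("17:05", "trunk", "192.0.2.10"),                   # provider, allowlisted
    ("17:06", "200", "198.51.100.77"), ("17:07", "200", "198.51.100.77"),
    ("25:00", "200", "198.51.100.77"),                  # slow: never 3 in 60 s
]]

def offenders(lines, threshold=3, window=timedelta(seconds=60), year=2009):
    """Sources with >= threshold failed registrations inside window, allowlist excluded."""
    recent, blocked = defaultdict(deque), []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not a valid IPv4 address
        if any(ip in net for net in ALLOW):
            continue  # never act on an allowlisted (provider) address
        # The log stamp carries no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and str(ip) not in blocked:
            blocked.append(str(ip))
    return blocked
```

The returned list is what a blocking tool would act on; the allowlist check runs before any counting, so a misconfigured trunk that retries with a bad password never reaches the threshold.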