[VoiceOps] VoIP Abuse Project

Leandro Dardini ldardini at gmail.com
Mon Sep 20 12:06:03 EDT 2010

I find a blacklist too heavy to manage and unable to catch the fast emerging
bruteforcers. As freelancer I suggest to my clients (all on Linux with
Asterisk) the install of the fail2ban software.

The working of fail2ban software is really simple: it reads the messages
generated by the application and if one user try to authenticate with wrong
credentials more than X times in the unit of time, then triggers an insert
into iptables to not get more packets from him for a long time (adjustable).


2010/9/20 J. Oquendo <sil at infiltrated.net>

> Darren Schreiber wrote:
> > Hi there,
> >       We're working on a more general "VoIP Toolbox" of sorts. I'd love
> to participate with your project as well - let me know if that's possible.
> >
> > Thanks,
> >       Darren Schreiber
> >
> >
> I would like for as many engineers/admins to participate. It's becoming
> cumbersome to deal with the ongoing attacks and for those who have NOT
> taken the time to notice, things are escalating.
> If anyone cares to send information please do so, the more logging
> information the better it would be. Because a situation like this
> (blacklisting) is built on a trust based relationship I ask the
> following: 1) Sanitize your networks for obvious reasons. 2)
> Gzip/zip/7zip your files when you send them. 3) Please make sure any
> visible offender information is visible.
> I will not repost any companies or individuals who submit any logs
> unless someone requests for me to do so. This keeps someone from being
> attacked in retaliation.  Right now I have to parse out about 40-50
> different logfiles spread across a lot of networks. I'm doing so
> gradually as time progresses through the day. I added a PGP key to the
> page in the event someone wants to encrypt their messages as well.
> My ultimate goal is simple: Reduce the potential attackers, make network
> operators clean up their house if not, stay on a blacklist. When their
> clients complain and it starts affecting their pockets, maybe then will
> they get a clue.
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> "It takes 20 years to build a reputation and five minutes to
> ruin it. If you think about that, you'll do things
> differently." - Warren Buffett
> 227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20100920/86d46958/attachment.html>

More information about the VoiceOps mailing list