[VoiceOps] VoIP Abuse Project
Leandro Dardini
ldardini at gmail.com
Mon Sep 20 12:06:03 EDT 2010
Hello,
I find a blacklist too heavy to manage and unable to catch the fast emerging
bruteforcers. As freelancer I suggest to my clients (all on Linux with
Asterisk) the install of the fail2ban software.
The working of fail2ban software is really simple: it reads the messages
generated by the application and if one user try to authenticate with wrong
credentials more than X times in the unit of time, then triggers an insert
into iptables to not get more packets from him for a long time (adjustable).
Leandro
2010/9/20 J. Oquendo <sil at infiltrated.net>
> Darren Schreiber wrote:
> > Hi there,
> > We're working on a more general "VoIP Toolbox" of sorts. I'd love
> to participate with your project as well - let me know if that's possible.
> >
> > Thanks,
> > Darren Schreiber
> >
> >
>
> I would like for as many engineers/admins to participate. It's becoming
> cumbersome to deal with the ongoing attacks and for those who have NOT
> taken the time to notice, things are escalating.
>
> If anyone cares to send information please do so, the more logging
> information the better it would be. Because a situation like this
> (blacklisting) is built on a trust based relationship I ask the
> following: 1) Sanitize your networks for obvious reasons. 2)
> Gzip/zip/7zip your files when you send them. 3) Please make sure any
> visible offender information is visible.
>
> I will not repost any companies or individuals who submit any logs
> unless someone requests for me to do so. This keeps someone from being
> attacked in retaliation. Right now I have to parse out about 40-50
> different logfiles spread across a lot of networks. I'm doing so
> gradually as time progresses through the day. I added a PGP key to the
> page in the event someone wants to encrypt their messages as well.
>
> My ultimate goal is simple: Reduce the potential attackers, make network
> operators clean up their house if not, stay on a blacklist. When their
> clients complain and it starts affecting their pockets, maybe then will
> they get a clue.
>
>
>
>
> --
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT
>
> "It takes 20 years to build a reputation and five minutes to
> ruin it. If you think about that, you'll do things
> differently." - Warren Buffett
>
> 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
>
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20100920/86d46958/attachment.html>
More information about the VoiceOps
mailing list