[VoiceOps] SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

Gavin Henry ghenry at suretec.co.uk
Mon Jan 3 12:12:36 EST 2022


On Mon, 3 Jan 2022 at 15:44, Mike Hammett <voiceops at ics-il.net> wrote:
>
> *nods* being UDP, it could be easy to spoof someone else to get them blocked. When I automated honeypot -> ACL, I shut myself out of Google's authoritative DNS servers, assuming because of spoofing. There could have been more than I didn't even realize.
>

What's the gain of spoofing/poisoning if you are going to do "allow
lists" for all your important IPs and only block on your important
ports (SIP etc) with Fail2ban? I suppose, "just because I can".

> Gotta protect against that kind of stuff.


More information about the VoiceOps mailing list