[VoiceOps] SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot
Mike Hammett
voiceops at ics-il.net
Mon Jan 3 14:09:41 EST 2022
It was just meant as a blanket statement. When automating blacklists, make sure you understand what is blocked and what is not. If you whitelist everything known good, then that's one way to skin the cat. I'm sure there are others.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest Internet Exchange
http://www.midwest-ix.com
----- Original Message -----
From: "Gavin Henry" <ghenry at suretec.co.uk>
To: "Mike Hammett" <voiceops at ics-il.net>
Cc: "Fred Posner" <fred at palner.com>, "VoiceOps" <voiceops at voiceops.org>
Sent: Monday, January 3, 2022 11:12:36 AM
Subject: Re: [VoiceOps] SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot
On Mon, 3 Jan 2022 at 15:44, Mike Hammett <voiceops at ics-il.net> wrote:
>
> *nods* being UDP, it could be easy to spoof someone else to get them blocked. When I automated honeypot -> ACL, I shut myself out of Google's authoritative DNS servers, assuming because of spoofing. There could have been more that I didn't even realize.
>
What's the gain of spoofing/poisoning if you are going to do "allow
lists" for all your important IPs and only block on your important
ports (SIP etc) with Fail2ban? I suppose, "just because I can".
> Gotta protect against that kind of stuff.
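
The safeguard discussed in this thread, as an added example that is not part of the original messages or of SentryPeer: honeypot source IPs are checked against an allow list before any rule is generated, rules are scoped to SIP ports only, and sources seen only over UDP are flagged as possibly spoofed. The function name, field names and sample data are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample data using documentation address ranges, not real indicators.
ALLOWLIST = ["192.0.2.0/24", "2001:db8:53::/48"]  # e.g. DNS servers, SIP trunks
PROTECTED_PORTS = {5060, 5061}                     # block only on SIP ports
HONEYPOT_EVENTS = [
    {"src": "198.51.100.7", "transport": "udp"},
    {"src": "192.0.2.53", "transport": "udp"},     # allow-listed, likely spoofed
    {"src": "203.0.113.9", "transport": "tcp"},
    {"src": "198.51.100.7", "transport": "udp"},   # repeat hit from the same source
    {"src": "not-an-ip", "transport": "udp"},      # malformed feed entry
]


def build_block_rules(events, allowlist, ports):
    """Return (rules, skipped): port-scoped block rules and allow-listed hits."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    transports = {}  # source IP -> set of transports it was seen on
    for ev in events:
        try:
            ip = ipaddress.ip_address(ev["src"])
        except ValueError:
            continue  # drop malformed entries instead of emitting a bad rule
        transports.setdefault(ip, set()).add(ev["transport"])

    rules, skipped = [], []
    for ip, seen in transports.items():
        if any(ip.version == n.version and ip in n for n in nets):
            skipped.append(str(ip))  # never block known-good infrastructure
            continue
        for port in sorted(ports):
            rules.append({
                "src": str(ip),
                "dport": port,
                # UDP has no handshake, so a UDP-only source may be forged
                "udp_only": seen == {"udp"},
            })
    return rules, skipped


if __name__ == "__main__":
    rules, skipped = build_block_rules(HONEYPOT_EVENTS, ALLOWLIST, PROTECTED_PORTS)
    for rule in rules:
        print(rule)
    print("skipped (allow-listed):", skipped)
```

Logging the skipped list is worthwhile: an allow-listed address showing up in honeypot data is itself a sign that someone may be spoofing it.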