> > The IP address is: > > 88.151.100.167 > > > > I know it's totally my fault and I'm extremely lucky to have caught > > them so early. > > I'd suggest to everyone to ban that IP, it's been scanning our networks > from time to time, in a sequential manner by IP.
I've had really good luck with this: http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk Basically, it automatically blackhols via IPtables any host that fails a certain number of registration attempts in a given period. Of course, the following works well too in SIP.conf [default] ; Send any unauthenticated calls to the local FBI office context=local-fbi-office I've got a honeypot server that pretty much accepts any calls that come through, and plays a "Thank you for calling the Telecommunications Fraud hotline. Please stay online for the next available representative." If they stay online for more than 20 seconds, it connects them to an agent at the FBI that we have been working with. I've been meaning to add some code in that pulls out the originating IP address of the call and tells it to the agent when we call. :) _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
