Could you please provide the list of banned IPs doing this fraud?

Sikander

John Todd wrote:
On Feb 27, 2009, at 1:04 PM, [email protected] wrote:

  
I'd suggest to everyone to ban that IP, it's been scanning our networks
from time to time, in a sequential manner by IP.
        
I've had really good luck with this:

http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk

Basically, it automatically blackholes via iptables any host that fails a
certain number of registration attempts in a given period.
      
Yeah we're actually rolling it out on all of our production servers, it's
a great application to run.

I'm working on some scripts to propagate the bans to the firewall so that
all of the servers get protected as soon as possible.

    
[default]
; Send any unauthenticated calls to the local FBI office
context=local-fbi-office

I've got a honeypot server that pretty much accepts any calls that come
through, and plays a "Thank you for calling the Telecommunications Fraud
hotline. Please stay online for the next available representative." If they
stay online for more than 20 seconds, it connects them to an agent at the
FBI that we have been working with.

I've been meaning to add some code in that pulls out the originating IP
address of the call and tells it to the agent when we call. :)
      
That would be great to have!
    



This sounds very much like the framework I discussed at the last  
astridevcon in September.  I've had no time to work on it, but it  
sounds like you're already making progress.

   http://astridevcon.pbwiki.com/Network-Security-Framework

Would you be interested in making your work more integral to Asterisk,  
so that it can be a generic security policy model for all channel  
methods, starting with SIP?  Or is the scrape-from-logfile method  
sufficient for your needs?

JT


---
John Todd                       email:[email protected]
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW -  Huntsville AL 35806  -   USA
direct: +1-256-428-6083         http://www.digium.com/




_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-biz
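
The ban logic described in the thread above (block any host that fails a certain number of registration attempts in a given period), as an added example that is not part of the original messages and is not Fail2Ban's own code. The log lines are constructed samples in the style of Asterisk chan_sip notices, and the threshold of 3 failures in 60 seconds is an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of Asterisk chan_sip NOTICE messages;
# all addresses are documentation ranges.
SAMPLE_LOG = """\
[2009-02-27 13:00:00] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2009-02-27 13:04:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.23' - No matching peer found
[2009-02-27 13:04:09] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.23' - No matching peer found
[2009-02-27 13:04:15] VERBOSE[2101] logger.c: -- Registered SIP '300' at 192.0.2.44 port 5060
[2009-02-27 13:04:20] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.23' - Wrong password
[2009-02-27 13:05:00] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2009-02-27 13:10:00] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.7' - Wrong password
"""

# The From value is supplied by the remote side, so the address is taken from
# the final "failed for" field, anchored to the end of the line.
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] \S+: "
    r"Registration from .* failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'"
    r" - [^']*$")

def find_offenders(log_text, max_retry=3, find_time=timedelta(seconds=60)):
    """Map each IP to the time its max_retry-th failure fell inside find_time."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m.group("ip") in banned:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        window = recent[m.group("ip")]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            banned[m.group("ip")] = ts
    return banned

def iptables_rules(banned):
    """Render (not execute) one DROP rule per offender for review."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(banned)]

if __name__ == "__main__":
    for rule in iptables_rules(find_offenders(SAMPLE_LOG)):
        print(rule)
```

The host at 203.0.113.7 also fails three times but five minutes apart, so it stays under the threshold; widening `find_time` trades fewer missed slow scanners for more bans of users who mistype a password.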


  