You guys are completely on the right track. The only other thing I'd do
is add some kind of logging system so that if an IP gets blacklisted,
we can show WHY it got blacklisted. (X brute force attaches / second,
etc - example passwords tried, etc.) This way if a system gets blocked
that is legitimate, "we" can examine the evidence and see if the claims
of legitimacy are valid etc.
|
|
|
Andrew M.
Lauppe
Consultant
|
|
4051B Executive Park Dr.
Harrisburg, PA 17111
+1 (877) OS-LINUX x23
+1 (484) 421-9919 direct |
|
Darren Wiebe wrote:
JR Richardson wrote:
No matter how the system is set up there should be a way to easily add
known-good IP as they relate to a particular installation.
The Project Honey Pot looks great.
I'm not too keen on white listing though. It would be hard to verify
an attacker's IP's that hasn't been identified as bad yet. I'm sure
some hackers would troll the black list and try to add their IP's as
known good. I don't think this would be some automated mechanism for
PBX server subscription, at least not yet.
I'm thinking more along the lines of a central list, updated by
community participants, to add IP's that have attacked them, with
date/time of the attack. It would be up to the PBX admin to employ a
filter with those black listed IP's or disregard the list all
together.
Thanks
JR
--
JR Richardson
Engineering for the Masses
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
This program is specific to SSH but we've been very, very happy with the
way that the denyhosts program works. It shares a list of ip addresses
with a central server. However, it's easy to add your own whitelist
that your system uses. I envision the same sort of functionality here.
|
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
