On Sun, 11 Apr 2010, Zeeshan Zakaria wrote:

> My experience is that as long as the hackers are getting any kind of
> response from your server, they'll keep their attack on, in a hope that
> they'll get into your system sooner or later. After all it is just some
> computers doing the work for them, no human is physically getting tired here.
> This is why when you block them in your iptables, and they stop getting
> response from your end, i.e. no ping reply, no sip response, nothing
> basically, then they eventually take their attack somewhere else probably
> because they (or their hack attempt software) either assume that the ip they
> were attacking is no longer valid for the attack or the user has taken
> enough security measures that attacking him is not worth the effort.
>
> On the contrary, my experience, if you don't block them, eventually attacks
> increase. Probably they let their other hacker friends know too that your
> server is a good candidate for hack attempt.

Very probably true...

> Obviously it's only the ISPs who can truly stop such attacks by blocking
> them at their routers. If the hackers decide to keep bugging you,
> unfortunately there is nothing you can do to protect your bandwidth waste.
>
> But I wonder if one's router doesn't respond back, e.g. it is physically
> off, and someone is doing such an attack, do the ISPs still consider it
> bandwidth usage?

Interesting - I'm not sure. Currently my router isn't responding, but it still has to soak up the packet, and as it's being counted from the ISP's end, it's probably being 'counted' towards my allowance. I don't particularly want to turn it off though - I do all sorts of automated backups, etc. overnight as well as monitoring of my hosted servers, customers, etc....

However, I've just had a reply back from Amazon to say that they have contacted the host's owner - but that was just over an hour ago, and when I removed the firewall rules, they're still trying )-:

Is there any way to sniff the SIP password they're trying? It'd be interesting to see what passwords they're guessing - they're trying just one account rather than accounts at random. I've played with sipdump and sipcrack - looks like they're trying a different password each time though.

Ho hum.

Gordon
