On Wed, 23 Jun 2010, Tarek Sawah wrote:
> you can start by simply telling us what is the purpose of your server..
> and does it have long distance of overseas?? do you use Numeric
> usernames? simple passwords? passwords the same as your username? this
> way you can offer more info so we can help you.
> a quick answer will be.. opening a few and blocking ALL is easier.. as
> you can have up to 400 prefixes to block .. unless you call worldwide..
> then you will have to block the countries you don't call .. another
> option.. make your usernames more complex.. letters and numbers.. an
> additional option is to use fail2ban with Asterisk support.. it will
> block the IP after the number of attempts you set in the configs.
> a client of mine wanted simple usernames and passwords to be set up
> using the keypad on the IP phones.. two months ago they had the same
> problem you faced.. 400$ to Zimbabwe .. and later on 1200$ to
> Zimbabwe.. their provider has a limit of 30 minutes per call .. so the
> caller had to redial.. unless it's automated.
> still you can provide us with more info.
> Regards
> --
> Tarek Sawah

Well, we run local dial tone service in the US Virgin Islands. So our customers are connecting with ATAs, various models of Polycom phones, and SIP trunks from a custom PBX we sell to hotels and businesses. They connect from dynamic addresses most of the time, so we cannot apply any IP-based filters to their accounts, though we may be able to restrict them to certain IP blocks. I'd rather not, since the upkeep would be quite a hassle, and it would remove their ability to take their ATAs traveling.

Our SIP usernames are their seven-digit phone numbers, which may have been a bad choice, but most of the brute force attacks we have witnessed are trying combinations of 3-digit extension numbers. I haven't seen anyone try a brute force attack with 7 digits. The passwords are seven-character auto-generated alphanumeric "gibberish", and it seems rather unlikely to me that this account was broken by brute force trial and error. I'm still investigating other methods... like perhaps they broke into my server first and found the provisioning files. That would be bad.

All of that aside - I know there are various things I can do to tighten up our SIP security. My question was more geared towards: what do people do to keep their customers or employees from dialing toll numbers worldwide? I cannot restrict my customers to calling a set of countries. But I would feel justified in blocking toll numbers that I don't have a way of billing back. I just don't know where to start to build such a filter list. Surely other ITSPs have had to deal with this issue - fraud situations or not. The US is easy - all toll numbers start with 1-900 (I think :). Other countries are not so straightforward, I understand. Has anyone else tackled this problem?

Thanks,
j

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
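Added example, not code from the thread or from Asterisk: a small longest-prefix-match outbound call policy that models the two approaches discussed above, a deny list of premium-rate prefixes on top of an allow-everything default (what the original poster is asking for), and the stricter "block ALL, open a few" default-deny with an allow list (what the quoted reply recommends). The prefix tables are constructed sample data, not a real rate deck: `1900` is the US premium prefix the poster mentions, `263` is Zimbabwe's country code (the destination in the quoted fraud case), and `44` is an illustrative allowed country. The `normalize()` assumptions (`011` international prefix, `1` trunk prefix, 7-digit local dialing in NPA 340) are hypothetical conventions chosen for the example. The `to_asterisk_deny_patterns()` helper only turns deny entries into extensions.conf pattern lines; wiring them into a context is left to the reader.

```python
"""Longest-prefix-match outbound call policy (added example, not from the thread)."""

from typing import Dict, List, Optional, Tuple

# Constructed sample tables: prefix of the E.164 digits (no '+') -> verdict.
# The longest matching prefix wins, so a "1900" deny overrides a "1" allow.
POLICY_DENY_LIST: Dict[str, str] = {
    "1900": "deny",   # US premium-rate, as stated in the thread
    "263": "deny",    # Zimbabwe, the destination in the quoted fraud case
}

POLICY_ALLOW_LIST: Dict[str, str] = {
    "1": "allow",     # NANP (US, Canada, USVI, ...)
    "1900": "deny",   # ... but never premium-rate
    "44": "allow",    # UK (illustrative)
}


def normalize(dialed: str) -> str:
    """Map what a NANP subscriber keys into bare E.164 digits.

    Assumed (hypothetical) dialing conventions: '+' means already E.164,
    '011' is the international prefix, 10 digits get the trunk '1',
    7 digits are local to NPA 340 (USVI). Anything else is passed through.
    """
    digits = "".join(ch for ch in dialed if ch.isdigit())
    if dialed.strip().startswith("+"):
        return digits
    if digits.startswith("011"):
        return digits[3:]
    if len(digits) == 10:
        return "1" + digits
    if len(digits) == 7:
        return "1340" + digits
    return digits


def decide(dialed: str, table: Dict[str, str], default: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched_prefix) using longest-prefix match.

    `default` is the verdict when no prefix matches: "allow" for a deny-list
    policy, "deny" for an allow-list ("block ALL, open a few") policy.
    """
    number = normalize(dialed)
    best: Optional[str] = None
    for prefix in table:
        if number.startswith(prefix) and (best is None or len(prefix) > len(best)):
            best = prefix
    if best is None:
        return default, None
    return table[best], best


def to_asterisk_deny_patterns(table: Dict[str, str]) -> List[str]:
    """Render the deny entries as extensions.conf lines that hang up the call.

    '_1900.' matches 1900 followed by one or more further digits. Asterisk
    picks the most specific matching pattern in a context, which is the same
    longest-prefix rule decide() applies.
    """
    return [f"exten => _{prefix}.,1,Hangup()"
            for prefix, verdict in sorted(table.items()) if verdict == "deny"]


if __name__ == "__main__":
    samples = ["1-900-555-0100", "011 263 4 123456", "011 44 20 7946 0000",
               "340-555-0199", "+1 900 555 0100", "555-0199"]
    for s in samples:
        print(f"{s:>22}  deny-list -> {decide(s, POLICY_DENY_LIST, 'allow')}"
              f"  allow-list -> {decide(s, POLICY_ALLOW_LIST, 'deny')}")
    print("\n".join(to_asterisk_deny_patterns(POLICY_ALLOW_LIST)))
```

Running it shows the trade-off the thread describes: under the deny-list policy an unlisted destination such as the UK goes through and only the listed premium or fraud prefixes are stopped, while under the allow-list policy the same Zimbabwe number is refused because nothing opened it, and the premium exception inside an allowed country still wins by being the longer prefix.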
