Not sure what kind of provisioning server you have there, but do not use HTTP as your provisioning protocol. Use HTTPS instead.
Jeff LaCoursiere wrote:
> On Wed, 23 Jun 2010, Tarek Sawah wrote:
>
>> You can start by simply telling us what is the purpose of your server,
>> and does it have long distance or overseas? Do you use numeric
>> usernames? Simple passwords? Passwords the same as your username? This
>> way you can offer more info so we can help you. A quick answer will be:
>> opening a few and blocking ALL is easier, as you can have up to 400
>> prefixes to block, unless you call world wide; then you will have to
>> block the countries you don't call. Another option: make your
>> usernames more complex, letters and numbers. An additional option is
>> to use fail2ban with Asterisk support; it will block the IP after the
>> number of attempts you set in the configs. A client of mine wanted
>> simple usernames and passwords to be set up using the keypad on the
>> IP phones. Two months ago they had the same problem you faced: $400 to
>> Zimbabwe, and later on $1200 to Zimbabwe. Their provider has a
>> limit of 30 minutes per call, so the caller had to redial, unless
>> it's automated. Still, you can provide us with more info.
>>
>> Regards
>> --
>> Tarek Sawah
>
> Well, we run local dial tone service in the US Virgin Islands. So our
> customers are connecting with ATAs, various models of Polycom phones, and
> SIP trunks from a custom PBX we sell to hotels and businesses. They
> connect from dynamic addresses most of the time, so we cannot apply any IP
> based filters to their accounts, though we may be able to restrict them to
> certain IP blocks. I'd rather not, since the upkeep would be quite a
> hassle, and would remove their ability to take their ATAs traveling.
>
> Our SIP usernames are their seven digit phone numbers, which may have been
> a bad choice, but most of the brute force attacks we have witnessed are
> trying combinations of 3 digit extension numbers. I haven't seen anyone
> try a brute force attack with 7 digits. The passwords are seven char
> auto-generated alpha-numeric "gibberish", and it seems rather unlikely to
> me that this account was broken by brute force trial and error. I'm still
> investigating other methods... like perhaps they broke into my server
> first and found the provisioning files. That would be bad.
>
> All of that aside - I know there are various things I can do to tighten up
> our SIP security.
>
> My question was more geared towards what do people do to keep their
> customers or employees from dialing toll numbers worldwide? I cannot
> restrict my customers to calling a set of countries. But I would feel
> justified in blocking toll numbers that I don't have a way of billing
> back. I just don't know where to start to build such a filter list.
> Surely other ITSPs have had to deal with this issue - fraud situations or
> not. The US is easy - all toll numbers start with 1-900 (I think :).
> Other countries are not so straightforward I understand.
>
> Has anyone else tackled this problem?
>
> Thanks,
>
> j

--
Jian Gao
IT Technician
SJ Geophysics Ltd. <http://www.sjgeophysics.com>
[email protected] <mailto:[email protected]>
Tel: (604)582-1100
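The question Jeff raises, keeping customers off premium-rate and unbillable destinations, and Tarek's "block ALL, open a few" answer are both things that live in the Asterisk dialplan. The extensions.conf fragment below is an added example written for this page, not configuration posted by anyone in the thread. The context name outbound-customer and the trunk name SIP/upstream-trunk are assumptions, as is the country code 44 used in the allow rule; 1-900 is the one premium-rate prefix the thread itself names, so any further prefixes would come from the reader's own filter list.

```ini
; extensions.conf fragment (added example, not from the thread).
; Assumed names: "outbound-customer" is the context the customer SIP peers
; land in; "SIP/upstream-trunk" is the assumed carrier trunk.
[outbound-customer]

; 1. Premium-rate numbers the thread names: North American 1-900, dialled
;    with or without the leading 1. Reject before any trunk is touched, and
;    log who tried so the attempt shows up in log and CDR review.
exten => _1900NXXXXXX,1,NoOp(Premium-rate call blocked: ${CALLERID(num)} -> ${EXTEN})
exten => _1900NXXXXXX,n,Hangup(21)
; 10-digit form: normalise to the 11-digit pattern above, which then rejects it.
exten => _900NXXXXXX,1,Goto(1${EXTEN},1)

; 2. Ordinary North American traffic the ITSP can bill for.
exten => _1NXXNXXXXXX,1,Dial(SIP/${EXTEN}@upstream-trunk,60)
exten => _1NXXNXXXXXX,n,Hangup()

; 3. International: "blocking ALL and opening a few". Everything behind 011
;    is refused unless a more specific pattern allows it. Asterisk routes on
;    the most specific matching pattern (literal digits beat N/X, which beat
;    "."), so the allow rules win over the catch-all regardless of file order.
exten => _011.,1,NoOp(International call refused by default: ${CALLERID(num)} -> ${EXTEN})
exten => _011.,n,Hangup(21)

; Assumed example allow rule for one destination (country code 44).
exten => _01144.,1,Dial(SIP/${EXTEN}@upstream-trunk,60)
exten => _01144.,n,Hangup()

; 4. Anything that matched nothing above is refused rather than falling
;    through to a trunk. Cause 21 is "call rejected".
exten => _X.,1,NoOp(Unrouted number refused: ${CALLERID(num)} -> ${EXTEN})
exten => _X.,n,Hangup(21)
```

Where a country whitelist is not workable, as Jeff says it is not for his customers, the same structure is used the other way round: route _011. to the trunk and list each unbillable prefix as its own, more specific _011<prefix>. pattern ending in Hangup(21). Because Asterisk always picks the most specific match, the deny rules win in that layout exactly as the allow rules do here, and the NoOp lines give a log trail for any account that starts hitting them.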
