-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Here's my take on the attack... Sigh...
http://www.stuartsheldon.org/blog/2010/11/sip-brute-force-attacks-escalate-o ver-halloween-weekend/ Stu They were trolling for SIP account IDs, not really trying to register. It was a coordinated bot or spoofed source attack not "The Halloween Club" doing tricks. Any small system should: Use IPTABLES and block any parts of the world you don't need access to/from. Start with any Class A address that is probing your system. Make your SIP IDs 8-12 characters in length, and use at least alpha & numerical characters, some special characters if you like a little more variety. bear3579 b3e5a7r9 Bear3579 La3579ke Or more. Do the same for passwords. 6543office 7659home Etc. Are these perfect? No, but they are human friendly, and require the exploiter to hack a 16 to 24 character combination ID and Password that has 36 or more characters in the character set. Of course some dashes or periods or commas or others can be added. And when you see an attack if it isn't from a network on your planet, put the whole network in IPTABLES. (And get the world country delegations for IP addresses and block all "not on your planet.) $.02 Cary Fitch -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users