On Mon, 1 Nov 2010, Cary Fitch wrote:
> Any small system should:
>
> Use IPTABLES and block any parts of the world you don't need access
> to/from. Start with any Class A address that is probing your system.
>
> Make your SIP IDs 8-12 characters in length, and use at least alpha &
> numerical characters, some special characters if you like a little more
> variety.
>
> bear3579
> b3e5a7r9
> Bear3579
> La3579ke
>
> Or more.
>
> Do the same for passwords.
>
> 6543office
> 7659home
How about:
echo cary+<salt> | sha1sum
where <salt> is something only you know.
> And when you see an attack if it isn't from a network on your planet,
> put the whole network in IPTABLES.
>
> (And get the world country delegations for IP addresses and block all
> "not on your planet.)
(Ever do something you think may get you 'roasted'? I'm getting that
feeling right now...)
I've just created a "resource" on voip-info.org that contains all of the
allocated class A IP address blocks by Regional Internet Registry in
'iptables' format. Please don't apply this list in it's entirety without
understanding that you will be blocking a LOT of potential [ab]users.
http://www.voip-info.org/wiki/view/allocated-class-a-ip-address-blocks
So you can 'pick and choose' which parts of the world you want to
communicate with.
It's a pretty broad brush and I'm sure it could use some refinement and
correction, but attempts on my client's systems have just about
evaporated.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards [email protected] Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
