Hello Mathew,

Are you suggesting an open system for everyone and anyone to input an IP
address? Two scenarios:

1- Allow only people who you trust -

   CONS:

   a- Still can't negate the fact that some authorized user may mistakenly
      put a client's IP in the "BAD" IP table.

   b- Limiting the number of reported "BAD" IPs to the number of trusted
      people which I would like to believe would be very small or else it
      won't be a trusted circle.

   PROS:

   a- Can be MORE or LESS a trusted database - As long as no bulk IPs are
      allowed to be entered and there are restrictions to add more than 1 IP
      per hour let's say.

2- Allow anyone to sign up and add "BAD" IPs.

   CONS:

   a- Anyone can sign up. Even the cracker!!! He can put our legit IPs in
      the database and "BOOM", shut down service for clients for no good
      reason. I mean an IP that is "BAD" today can be a potential customer
      tomorrow. What would be the rules to remove them when you have a whole
      bunch of people submitting these - especially if this grows really big?

   b- The list will grow so big that it won't be possible to handle or it
      might again block legit users as the attacks are usually co-ordinated
      not from the cracker IP address but rather compromised servers and it
      might literally block a good portion of the continental USA as lots of
      attacks do originate from compromised servers in USA while the cracker
      is enjoying his tea break in Russia.

   PROS:

   a- Would be a more complete list of "BAD" IP addresses.

These workarounds will be somehow useful but isn't it about time that SIP
becomes more transparent to the common folks (simpler, less ambiguous output,
and more manageable SIP debug) - as it's becoming more commonplace nowadays?
Or maybe pay more attention to its security features innately like other
popular protocols rather than keeping them as an option for the user to turn
on? As an example, just a few years ago, all wireless routers were possible to
set up without wireless security (one could literally jump from neighbour to
neighbour in the whole block) and now any router you take out of the box either
has a randomly generated wireless password or asks for one before setting up
the wireless, leaving you with no access to neighbours' hot spot.

-Bruce

                         
 
> Date: Wed, 1 Sep 2010 19:48:54 -0400
> From: [email protected]
> To: [email protected]
> Subject: [on-asterisk] Crowd sourcing rules for blocking hacking attempts?
> 
> I've been following the threads over the past weeks about Asterisk
> hacks being on the rise, and I have to say I've been seeing the same
> thing in my logs.
> 
> I'm wondering if there is any community interest in creating a
> database of known "attack" IPs that we could all update our IPTables
> or other firewall rules with? I'm thinking we create some interface
> for people to submit hosts they have blocked and a second interface
> for people to download a list of "bad hosts" with number of reports.
> 
> If anyone is interested in working on something like this please let
> me know. I don't mind hosting / writing / running it, but I would
> like to know that the community would use it before I invest the time
> to set it up.
> 
> Thanks!
> 
> 
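
An added example, not part of the original messages: one way a consumer of such a shared list could apply the safeguards raised in this thread (one submission per reporter per hour, entries that age out, a local allowlist for client networks) while counting distinct reporters rather than raw reports. The thresholds other than the hourly limit, all names, and the sample reports are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumed policy values; only the one-per-hour submission limit comes from the thread.
MIN_REPORTERS = 3                     # distinct reporters required before blocking
MAX_AGE = timedelta(days=7)           # reports expire: "BAD" today, customer tomorrow
SUBMIT_INTERVAL = timedelta(hours=1)  # no bulk submissions

def accept_reports(reports):
    """Drop malformed IPs and any report sent within an hour of the same
    reporter's previous accepted report."""
    last_seen, accepted = {}, []
    for reporter, ip, when in sorted(reports, key=lambda r: r[2]):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        prev = last_seen.get(reporter)
        if prev is not None and when - prev < SUBMIT_INTERVAL:
            continue
        last_seen[reporter] = when
        accepted.append((reporter, addr, when))
    return accepted

def build_blocklist(reports, allow_nets, now):
    """Return IPs reported recently by enough distinct reporters, never
    including an address inside a locally allowlisted client network."""
    allow = [ipaddress.ip_network(n) for n in allow_nets]
    reporters = {}
    for reporter, addr, when in accept_reports(reports):
        if now - when > MAX_AGE or any(addr in n for n in allow):
            continue
        reporters.setdefault(addr, set()).add(reporter)
    return sorted(str(a) for a, who in reporters.items() if len(who) >= MIN_REPORTERS)

# Constructed sample data (documentation address ranges, made-up reporters).
NOW = datetime(2010, 9, 2, 12, 0)
H = timedelta(hours=1)
SAMPLE_REPORTS = [
    ("alice", "203.0.113.50", NOW - 5 * H), ("bob", "203.0.113.50", NOW - 4 * H),
    ("carol", "203.0.113.50", NOW - 3 * H),
    ("mallory", "198.51.100.10", NOW - 2 * H),           # a client's address
    ("mallory", "198.51.100.11", NOW - 2 * H + H / 12),  # 5 min later: rate-limited
    ("alice", "198.51.100.10", NOW - H), ("bob", "198.51.100.10", NOW - H / 2),
    ("dave", "192.0.2.7", NOW - 240 * H), ("erin", "192.0.2.7", NOW - 216 * H),
    ("frank", "192.0.2.7", NOW - 192 * H),               # all older than MAX_AGE
    ("mallory", "not-an-ip", NOW - H / 6),
]

if __name__ == "__main__":
    print(build_blocklist(SAMPLE_REPORTS, ["198.51.100.0/24"], NOW))
```

The filter does not address one person registering several reporter accounts, so the submission side still needs its own controls.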
                                          
