Hello Matthew:

What you are trying to do is a great idea. However, I am one step
ahead of you where my partners and clients have teamed up to share the
block list.  We have also teamed up for a formal complaint.

I am most happy to contribute in writing the code as well. I don't
know about others - but I've established a process and proper legal
lingo, to call the providers so they take a note of these things as
well and take action immediately.

DDoS attackers with a small footprint I let go if they stop after
their IP is blocked. However, with those who are pounding out gigabytes
of attacks (has happened 3 times in the last 2 weeks) - I merely
pick up the phone and call the service provider.  You will be
surprised how cooperative they are!

It's not only the technology needed in place to share the block list --
but it is much more effective if at least several of our organizations
got together and filed a legal complaint with RCMP cyber crime unit,
to bring awareness that this is a serious issue, potentially stopping
the SMB and putting them out of business.

http://www.rcmp-grc.gc.ca/on/prog-serv/support-soutien/itcu-gict-eng.htm

What is happening here is technically a crime in Canadian standards of
legislation - and it might be a crime overseas as well (West European
countries)...  and because RCMP has slightly better leverage, they are
able to call proper channels overseas and have proper authorities
contact the service providers.

I think the SIP BLOCK LIST could start as a Canadian organization -
assisting Canadian ITSPs. Once this project that you wish to
undertake is successfully implemented, I have no doubt others will
follow.

You have my FULL support. Leaving all the cons away for the time
being, I think it's necessary to get the ball rolling. Only time will
be the best judge but we need to move on forward because I see a LOT
MORE PROS than cons here. The heuristics of the scoring algorithm
will need to evolve as time goes on - but for now we can start with
trusted sources from within our client base and partners.

Cheers!
Reza.


On Wed, Sep 1, 2010 at 7:48 PM, Matthew Gamble <[email protected]> wrote:
> I've been following the threads over the past weeks about Asterisk
> hacks being on the rise, and I have to say I've been seeing the same
> thing in my logs.
>
> I'm wondering if there is any community interest in creating a
> database of known "attack" IPs that we could all update our IPTables
> or other firewall rules with?  I'm thinking we create some interface
> for people to submit hosts they have blocked and a second interface
> for people to download a list of "bad hosts" with number of reports.
>
> If anyone is interested in working on something like this please let
> me know.  I don't mind hosting / writing / running it, but I would
> like to know that the community would use it before I invest the time
> to set it up.
>
> Thanks!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>



-- 
Toronto based VoIP / Asterisk Trainer,
I.T. Consultant and Hosted PBX Solutions Provider.
+1-647-476-2067.
http://www.linkedin.com/in/seminar