Ouch! Thats very bad! I guess with any good idea such as RBLs, there is always the potential to get sued. Running a phone company and not being able to terminate crystal clear 911 calls can get anyone sued. I guess, no pain, no gain. Comes with the turf in this sue-happy society of North America. I know someone who got charged and sued for "Assault with a weapon" -- where the weapon was a tomato (seriously! not kidding), and the tomato was classified as a "projectile, potentially capable of inflicting bodily harm". Different topic all together over coffee and chat when we get together.
Cheers! Reza. On Wed, Sep 1, 2010 at 11:27 PM, Bill Sandiford <[email protected]> wrote: > Matthew: > > I think something like this is good, although be very very careful as doing > so could get you sued. > > If you don't believe me, ask my friends Paul Vixie and Dave Rand. They are > the inventors of one of the first (IF NOT THE FIRST) e-mail RBLs (MAPS) and > doing so got them sued. > > http://en.wikipedia.org/wiki/Mail_Abuse_Prevention_System > > Vixie also happens to be the guy that wrote BIND - the DNS server that runs > over 75% of the Internet. > > Once again, I think it's a great idea...just be sure to protect yourself. > > Bill > >> -----Original Message----- >> From: Matthew Gamble [mailto:[email protected]] >> Sent: Wednesday, September 01, 2010 8:21 PM >> To: Bruce N; asterisk Mailing >> Subject: Re: [on-asterisk] Crowd sourcing rules for blocking hacking >> attempts? >> >> Bruce, >> >> What I'm proposing (and actually just started writing the code for) is >> a system where we allow anyone to sign up (the power of the crowds) >> but require a few things: >> >> 1) Authenticated email address. Not hard to get, but it does stop >> random signups >> 2) Reports from new accounts are not added to the global list for X >> days to monitor the quality of the data they are submitting. >> >> Further to the above, I'm adding a "score" feature to the output, so >> when you request a list of "bad" hosts you would get a file with IP, >> last reported date, and "score". The score would be a function of a >> few things: >> >> 1) How well do you trust the reporter(s)? Age of accounts, never >> flagged for reporting bad data, etc >> 2) How many people reported this IP? 1? It wouldn't be in the >> database until a few different sites reported it, etc >> 3) Other criteria I'm still writing. >> >> The third piece of security would be a system for people to "flag" >> data as being bad, creating a feedback loop to ensure that if a person >> submitted false data that it was quickly removed from the DB. >> >> Remember that crowd sourced rule systems already work for email >> (Cloudmark for example) and with a trust system and good scoring rules >> the issue of false positives becomes much less of a risk. >> >> >> On Wed, Sep 1, 2010 at 8:13 PM, Bruce N <[email protected]> wrote: >> > Hello Mathew, >> > >> > Are you suggesting an open system for everyone and anyone to input an >> IP >> > address? Two scenarios: >> > >> > 1- Allow only people who you trust - >> > CONS: >> > a- Still can't negate the fact that some >> authorized >> > user may mistakenly put a client's IP in the "BAD" IP table. >> > b- Limiting the number of reported "BAD" IPs >> to the >> > number of trusted people which I would like to believe would be very >> small >> > or else it won't be a trusted circle. >> > PROS: >> > a- Can be MORE or LESS a trusted database - >> As long >> > as no bulk IPs are allowed to be entered and there are restrictions >> to add >> > more than 1 IP per hour let's say. >> > >> > 2- Allow anyone to sign-up and add "BAD" IPs. >> > CONS: >> > a- Anyone can sign-up. Even the cracker!!! >> He can >> > put our legit IPs in the database and "BOOM", shutdown service for >> clients >> > for no good reason. I mean an IP that is "BAD" today can be a >> potential >> > customer tomorrow. What would be the rules to remove them when you >> have a >> > whole bunch of people submitting these - specially if this grows >> really big. >> > b- The list will grow so big that it won't >> be >> > possible to handle or it might again block legit users as the attacks >> are >> > usually co-ordinated not from the cracker IP address but rather >> compromised >> > servers and it might literally block a good portion of the USA >> continental >> > as lots of attacks do originate from compromised servers in USA while >> the >> > cracker is enjoying his tea break in Russia. >> > >> > PROS: >> > a- Would be a more complete list of "BAD" IP >> > addresses. >> > >> > These work around will be somehow useful but isnt' it about time that >> SIP >> > becomes more transparent to the common folks (simpler, less ambiguous >> > output, and more manageable SIP debug) - as it's becoming more >> commonplace >> > now-a-days? Or maybe pay more attention to it's security feature >> innately >> > like other popular protocols rather than keeping them as an option >> for the >> > user to turn on? As an example, just few years ago, all wireless >> routers >> > were possible to setup without a wireless security (one could >> literally jump >> > from neighbour to neighbour in the whole block) and now any router >> you take >> > out of the box either has a randomly generated wireless password or >> asks for >> > one before setting up the wireless leaving you with no access to >> neighbours >> > hot spot. >> > >> > -Bruce >> > >> > >> >> Date: Wed, 1 Sep 2010 19:48:54 -0400 >> >> From: [email protected] >> >> To: [email protected] >> >> Subject: [on-asterisk] Crowd sourcing rules for blocking hacking >> attempts? >> >> >> >> I've been following the threads over the past weeks about Asterisk >> >> hacks being on the rise, and I have to say I've been seeing the same >> >> thing in my logs. >> >> >> >> I'm wondering if there is any community interest in creating a >> >> database of known "attack" IP's that we could all update our >> IPTables >> >> or other firewall rules with? I'm thinking we create some interface >> >> for people to submit hosts they have blocked and a second interface >> >> for people to download a list of "bad hosts" with number of reports. >> >> >> >> If anyone is interested in working on something like this please let >> >> me know. I don't mind hosting / writing / running it, but I would >> >> like to know that the community would use it before I invest the >> time >> >> to set it up. >> >> >> >> Thanks! >> >> >> >> -------------------------------------------------------------------- >> - >> >> To unsubscribe, e-mail: [email protected] >> >> For additional commands, e-mail: [email protected] >> >> >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Toronto based VoIP / Asterisk Trainer, I.T. Consultant and Hosted PBX Solutions Provider. +1-647-476-2067. http://www.linkedin.com/in/seminar --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
