Over the last week or so I have been repeatedly hit by attempts to place
calls through my Asterisk server. So I decided to implement a script
similar to one James posted earlier this year. I decided to be a little
more generous... giving the caller one attempt to get it right before
blocking their IP address rather than blocking immediately. So I only
block if two calls from the same IP within 60 seconds are invalid. I also
found that if you add the IP to the firewall before you play the message,
then the message will not be heard, so I needed to modify the script to
take care of that as well. Also, I don't persist blocks between
reboots/restarts... but I do keep a record of the IP in the AstDB.
Here is what I ended up with...
[default]
exten => _X.,1,Goto(reject-invalid,${EXTEN},1)
exten => h,1,Hangup()
[reject-invalid]
; Tell caller that number dialed is invalid.
; If same IP address makes two invalid calls within 60 seconds then block their IP
exten => _X.,1,Set(BANNOW=0)
same => n,Wait(1)
same => n,Answer()
same => n,Set(BANIP=${SIPCHANINFO(recvip)})
same => n,Log(WARNING,Attempted invalid call to ${EXTEN} from ${BANIP})
same => n,ExecIf(${DB_EXISTS(banip/${BANIP})}?Set(BANNOW=$[${MATH(${EPOCH}-${DB_RESULT},i)} < 60]))
same => n,Set(DB(banip/${BANIP})=${EPOCH})
same => n,Zapateller()
same => n,Playback(the-number-u-dialed)
same => n,SayDigits(${EXTEN})
same => n,Playback(has-been-disconnected&or&no-longer-in-service)
same => n,Playback(check-number-dial-again)
same => n,Congestion(5)
; Need to wait until after message played to add IP to firewall block. Else caller will not hear message.
same => n,ExecIf($[${BANNOW}]?System(iptables -A ADAPTIVE_BAN_CHAIN -p udp -s ${BANIP} -j ADAPTIVE_BAN_DROP_CHAIN))
same => n,Hangup()
; If caller hangs up before message completes, add IP to firewall block if necessary.
exten => h,1,ExecIf($[${BANNOW}]?System(iptables -A ADAPTIVE_BAN_CHAIN -p udp -s ${BANIP} -j ADAPTIVE_BAN_DROP_CHAIN))
same => n,Hangup()
_______________________________________________
Astlinux-users mailing list
https://lists.sourceforge.net/lists/listinfo/astlinux-users
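
A helper for the two System() calls in the dialplan above, added here as an example and not part of the original post: it validates the address before it reaches iptables and skips the append when the same rule is already present, since -A adds another copy of the rule every time it runs. The function names and the IPTABLES override variable are assumptions, and "iptables -C" needs iptables 1.4.11 or later.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent ban helper.
# Assumptions: the IPTABLES override variable and the function names are
# hypothetical; "iptables -C" requires iptables 1.4.11 or later.
IPTABLES="${IPTABLES:-iptables}"
BAN_CHAIN="ADAPTIVE_BAN_CHAIN"          # chain names as used in the post
DROP_CHAIN="ADAPTIVE_BAN_DROP_CHAIN"

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                           # split on dots; digits only, so no globbing
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Add the drop rule for $1 unless an identical rule already exists.
# Returns 2 for a rejected address, otherwise the iptables exit status.
ban_ip() {
    valid_ipv4 "$1" || return 2
    if $IPTABLES -C "$BAN_CHAIN" -p udp -s "$1" -j "$DROP_CHAIN" 2>/dev/null; then
        return 0                        # already banned, no duplicate rule
    fi
    $IPTABLES -A "$BAN_CHAIN" -p udp -s "$1" -j "$DROP_CHAIN"
}

# When run as a script, ban the address given as the first argument.
if [ "$#" -gt 0 ]; then
    ban_ip "$1"
fi
```

Saved under a path of your choosing and called from System() with ${BANIP} as its only argument, it takes the place of the inline iptables command in both the main flow and the h extension.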