Lonnie pointed out to me that it is perhaps better to let the Adaptive Ban
script handle the iptables calls rather than do it from within the dialplan.
This has the advantage that the Adaptive Ban script will count the number
of bad attempts (the default appears to be 6 to trigger a ban). So I have
implemented an alternative, simpler, version in my Dialplan. This requires
that the firewall Adaptive Ban plugin is enabled in order to have the
firewall updated.

Thanks Lonnie.
David

[default]
exten => _[+0-9a-zA-Z].,1,Goto(reject-invalid,${EXTEN},1)
exten => h,1,Hangup()
[reject-invalid]
; Tell caller that number dialed is invalid.
exten => _[+0-9a-zA-Z].,1,Set(BANIP=${CHANNEL(recvip)})
same => n,Wait(1)
same => n,Answer()
same => n,Zapateller()
same => n,Playback(the-number-u-dialed)
same => n,SayDigits(${EXTEN})
same => n,Playback(has-been-disconnected&or&no-longer-in-service)
same => n,Playback(check-number-dial-again)
same => n,Congestion(5)
same => n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
same => n,Hangup()
; If caller hangs up before message completes, add IP to firewall block.
exten => h,1,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
same => n,Hangup()

On Fri, Aug 31, 2012 at 9:55 AM, David Kerr <[email protected]> wrote:
> Over the last week or so I have been repeatedly hit by attempts to place
> calls through my asterisk server. So I decided to implement a script
> similar to one James posted earlier this year. I decided to be a little
> more generous... giving the caller one attempt to get it right before
> blocking their IP address rather than blocking immediately. So I only
> block if two calls from the same IP within 60 seconds are invalid. I also
> found that if you add the IP to the firewall before you play the message,
> then the message will not be heard, so I needed to modify the script to
> take care of that as well. Also, I don't persist blocks between
> reboots/restarts... but I do keep a record of the IP in the AstDB.
>
> Here is what I ended up with...
>
> [default]
> exten => _X.,1,Goto(reject-invalid,${EXTEN},1)
> exten => h,1,Hangup()
>
> [reject-invalid]
> ; Tell caller that number dialed is invalid.
> ; If same IP address makes two invalid calls within 60 seconds then block their IP
> exten => _X.,1,Set(BANNOW=0)
> same => n,Wait(1)
> same => n,Answer()
> same => n,Set(BANIP=${SIPCHANINFO(recvip)})
> same => n,Log(WARNING,Attempted invalid call to ${EXTEN} from ${BANIP})
> same => n,ExecIf(${DB_EXISTS(banip/${BANIP})}?Set(BANNOW=$[${MATH(${EPOCH}-${DB_RESULT},i)} < 60]))
> same => n,Set(DB(banip/${BANIP})=${EPOCH})
> same => n,Zapateller()
> same => n,Playback(the-number-u-dialed)
> same => n,SayDigits(${EXTEN})
> same => n,Playback(has-been-disconnected&or&no-longer-in-service)
> same => n,Playback(check-number-dial-again)
> same => n,Congestion(5)
> ; Need to wait until after message played to add IP to firewall block. Else caller will not hear message.
> same => n,ExecIf($[${BANNOW}]?System(iptables -A ADAPTIVE_BAN_CHAIN -p udp -s ${BANIP} -j ADAPTIVE_BAN_DROP_CHAIN))
> same => n,Hangup()
> ; If caller hangs up before message completes, add IP to firewall block if necessary.
> exten => h,1,ExecIf($[${BANNOW}]?System(iptables -A ADAPTIVE_BAN_CHAIN -p udp -s ${BANIP} -j ADAPTIVE_BAN_DROP_CHAIN))
> same => n,Hangup()
>
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
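
Added example, not part of the original message and not the AstLinux Adaptive Ban script: a sketch of the log-side counting that the simpler dialplan above relies on, using the NOTICE text from its Log() call and the threshold of 6 mentioned in the message. The log line layout, the sample lines and the function names are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 6  # default mentioned in the message; assumed here, not read from any config

# Match only the trailing text written by
#   Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
# The greedy prefix plus the end-of-line anchor means the LAST quoted field wins,
# so caller-influenced text earlier in the line is never taken as the address.
NOTE_RE = re.compile(r"\bNOTICE\b.*'([^']+)' - Dialplan Noted Suspicious IP Address\s*$")


def noted_ip(line):
    """Return the validated source IP noted in one log line, or None."""
    m = NOTE_RE.search(line)
    if not m:
        return None
    try:
        # Normalise and validate before the value can reach a firewall command.
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None


def ips_to_ban(lines, threshold=THRESHOLD, allowlist=()):
    """Count notes per IP and return the addresses at or above the threshold."""
    counts = Counter()
    for line in lines:
        ip = noted_ip(line)
        if ip and ip not in allowlist:
            counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def _line(ip):
    # Constructed log line; the prefix layout is an assumption.
    return ("[Aug 31 09:55:01] NOTICE[2345]: Ext. h:1 @ reject-invalid: "
            f"'{ip}' - Dialplan Noted Suspicious IP Address")


# Constructed sample: documentation-range addresses only.
SAMPLE = ([_line("203.0.113.7")] * 6 + [_line("198.51.100.9")] * 2
          + [_line("not-an-ip"), "[Aug 31 09:55:02] VERBOSE[2345]: unrelated line"])

if __name__ == "__main__":
    print(ips_to_ban(SAMPLE))
```

With the threshold of 6, a single mis-dial from a legitimate peer is only counted, not blocked; the allowlist parameter keeps known trunks and local phones out of the count entirely.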