I've always been a bit slow on the draw with the whole "reflexively block an address" thing. It'd be just my luck to reflexively block one of my provider's addresses... David Hiers CCIE (R/S, V), CISSP ADP Dealer Services 2525 SW 1st Ave. Suite 300W Portland, OR 97201 o: 503-205-4467 f: 503-402-3277 -----Original Message----- From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Peter Beckman Sent: Tuesday, August 04, 2009 12:17 PM To: J. Oquendo Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] DID's + Asterisk Security On Tue, 4 Aug 2009, J. Oquendo wrote:
While not operational (per-se) I wanted to post these questions...
1) Anyone have a reliable source for a) Canadian DID's
Les.net is based in Canada. Small shop, but always responsive. Vitelity has Canada, but not huge coverage.
2) I've slapped together a creative honeypot for Asterisk if anyone else is seeing those pesky little scans...
I love sshguard. It's a misleading name to a powerful tool. I've been trying to determine an easy way to use sshguard (http://sshguard.sourceforge.net/) to scan Asterisk's verbose log and block those who scanneth thou on demand. I think the answer is socat (http://www.dest-unreach.org/socat/doc/socat.html), but I haven't put the time back into trying it again. My initial attempt was using sshguard to block web scans: tail -n0 -F httpd.log | sed -n -E 's/^(.+?) .+ 404 .+$/\1 404 access denied/p' | sshguard -a 100 -s 60 -p 1200 But there are too many pipes involved. socat is my next attempt. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman at angryox.com http://www.angryox.com/ --------------------------------------------------------------------------- _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.