On Tue, 4 Aug 2009, J. Oquendo wrote:
While not operational (per-se) I wanted to post these questions...
1) Anyone have a reliable source for a) Canadian DID's
Les.net is based in Canada. Small shop, but always responsive. Vitelity has Canada, but not huge coverage.
2) I've slapped together a creative honeypot for Asterisk if anyone else is seeing those pesky little scans...
I love sshguard. It's a misleading name to a powerful tool. I've been trying to determine an easy way to use sshguard (http://sshguard.sourceforge.net/) to scan Asterisk's verbose log and block those who scanneth thou on demand. I think the answer is socat (http://www.dest-unreach.org/socat/doc/socat.html), but I haven't put the time back into trying it again. My initial attempt was using sshguard to block web scans: tail -n0 -F httpd.log | sed -n -E 's/^(.+?) .+ 404 .+$/\1 404 access denied/p' | sshguard -a 100 -s 60 -p 1200 But there are too many pipes involved. socat is my next attempt. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman at angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------