Ghetto, but goes a long way in helping harden individual Asterisk servers on which one has no choice but to leave the SIP call agent open to the public Internet: iptables -A INPUT -p UDP --dport 5060 -m string --string 'friendly-scanner' -j DROP On 05/18/2011 12:42 PM, Spencer wrote:
I'm not sure what your requirements are but, we recently blocked all non-ARIN IP space from reaching our registrars. We had something similar happen and this has essentiallyeliminated the fraudulent calls we saw.
Thanks, Spencer
------------------------------------------------------------------------ Message: 1 Date: Tue, 17 May 2011 15:53:15 -0700 From: Darren Schreiber <d at d-man.org <mailto:d at d-man.org>> To: "VoiceOps at voiceops.org <mailto:VoiceOps at voiceops.org>" <VoiceOps at voiceops.org <mailto:VoiceOps at voiceops.org>> Subject: [VoiceOps] Fraud fun Message-ID: <C9F84A6B.2097A%d at d-man.org <mailto:d at d-man.org>> Content-Type: text/plain; charset="us-ascii"
Hi folks, We have been hit twice in the past two days with calls to 011-252-XXXXXXXX (calls to Somalia I believe, and the originating IP is from Pakistan)
It's the same user each time, I think he had a weak password, but it cost us over $100, which isn't too bad (we catch it quick) but I'd like to get it closer to $0. :-)
Any good recommendations for IP ranges to block from incoming connections?
Thanks,
Darren Schreiber CEO / Co-Founder
2600hz | www.2600hz.com <http://www.2600hz.com><http://www.2600hz.com/> sip:darren at 2600hz.com <mailto:darren at 2600hz.com> tel:415-886-7901