
Hello,

I find a blacklist too heavy to manage and unable to catch the fast-emerging bruteforcers. As a freelancer I suggest to my clients (all on Linux with Asterisk) the installation of the fail2ban software. The working of the fail2ban software is really simple: it reads the messages generated by the application and, if one user tries to authenticate with wrong credentials more than X times in the unit of time, it then triggers an insert into iptables so as not to get more packets from him for a long time (adjustable).

Leandro

2010/9/20 J. Oquendo <sil at infiltrated.net>
Darren Schreiber wrote:
Hi there, We're working on a more general "VoIP Toolbox" of sorts. I'd love to participate with your project as well - let me know if that's possible.
Thanks, Darren Schreiber
I would like for as many engineers/admins to participate. It's becoming cumbersome to deal with the ongoing attacks and for those who have NOT taken the time to notice, things are escalating.
If anyone cares to send information please do so, the more logging information the better it would be. Because a situation like this (blacklisting) is built on a trust based relationship I ask the following: 1) Sanitize your networks for obvious reasons. 2) Gzip/zip/7zip your files when you send them. 3) Please make sure any visible offender information is visible.
I will not repost any companies or individuals who submit any logs unless someone requests for me to do so. This keeps someone from being attacked in retaliation. Right now I have to parse out about 40-50 different logfiles spread across a lot of networks. I'm doing so gradually as time progresses through the day. I added a PGP key to the page in the event someone wants to encrypt their messages as well.
My ultimate goal is simple: Reduce the potential attackers, make network operators clean up their house; if not, stay on a blacklist. When their clients complain and it starts affecting their pockets, maybe then will they get a clue.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT
"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett
227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops