Automated way to block IP via ACLs using Acme CDRs/syslogs, sure would be good. We get DDOS SNMP Traps identifying IPs that are running REGISTER scans...But as someone said, these abusers are getting smarter and scaling back their register scan rates so as not to show up on the radar. Its an ever-evolving battle. I know they are on this list as well...:) -----Original Message----- From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Peter Eisengrein Sent: Thursday, May 19, 2011 1:59 PM To: voiceops at voiceops.org Subject: Re: [VoiceOps] Fraud fun Someone (sorry, don't have the email handy) previously mentioned that they monitor the output from their acme and then blacklist IP's. Very interesting idea -- how are you determining who the "bad guys" are? From the "friendly-scanner" agent field? In what field is this? Are you doing this from the RADIUS CDRs? Thanks, Pete _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops