[asterisk-biz] Re: Fwd: Blacklist Security

trixter aka Bret McDanel trixter at 0xdecafbad.com
Thu Jun 8 00:09:06 MST 2006


On Wed, 2006-06-07 at 13:15 -0700, Mike Fedyk wrote:
> Mike Lynchfield wrote:
> > Ain't it time for all of us to get along and do POSITIVE CRITICISM ?
> I have to say, that Matt's email should be seen as exactly that.
> 
> What he brings up are valid concerns, and they happen every day with 
> other BLs so it is something you should think about, or you will have to 
> do it eventually.  Maybe after someone has already used your system as a 
> DoS attack.
> 
> Starting manually I think is a good start, so you can push out the 
> inevitable conflict over policy until after the system has been up for a 
> little while.

If it's ENUM based you can have one master that only accepts traffic from
secondaries who actually are what root-servers point to.  In that way
you shield the 'source' and distribute basically DNS zones to many boxes
who propagate the info out to everyone else...  It won't stop DDoS
attacks but it can help mitigate them; if one is unavailable the others
should be reachable still.  And if you want the info locally, perhaps
AXFR can be enabled for you, you set your DNS server locally as a
secondary, there is at least with BIND a notification event that can be
triggered upon change, they can also periodically pull the info based on
the SOA records.  And anyone that does query this via a caching name
server will automagically generate caches of the information so they
don't have to constantly look stuff up.

An outage means, however, there is no lookup information and thus no
blacklist.  Calls go through that you may otherwise want to have
blacklisted.  That may cause some problems, however this is a slightly
different filtering list (unless a separate table of VoIP spammers is
generated) and as such they want to sneak off into the shadows rather
than come full on with the providers.  There is a slight difference so
far in the types of people.  That may change quickly as people may
realize that they can make money by completing calls if they DDoS the
VoIP-RBL servers.  That is why DDoS mitigation techniques should be
evaluated and put in place beforehand.


-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
Belfast IE +44 28 9099 6461    DE +49 801 777 555 3402
Utrecht NL +31 306 553058      US WA +1 360 207 0479
US NY +1 516 687 5200          FreeWorldDialup: 635378
http://www.trxtel.com we pay you to terminate calls with us!
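
The lookup side of the design discussed in this message, as an added example that is not part of the original post or of any project's code: an ENUM-style query name is tried against several secondaries, answers are cached for their TTL, and an outage is reported separately from "not listed" so the fail-open choice is explicit. The zone `bl.example`, the server labels, the injected `query` function and all class and function names are assumptions made for illustration.

```python
import time

class LookupUnavailable(Exception):
    """Every secondary failed; the caller must pick fail-open or fail-closed."""

def enum_name(number, zone):
    # ENUM-style owner name: digits reversed, dot-separated, under the zone.
    digits = [c for c in number if c.isdigit()]
    if not digits:
        raise ValueError("no digits in number")
    return ".".join(reversed(digits)) + "." + zone

class BlacklistClient:
    def __init__(self, secondaries, query, zone="bl.example", clock=time.monotonic):
        self.secondaries = list(secondaries)
        self.query = query  # query(server, name) -> (listed, ttl); OSError on failure
        self.zone = zone    # assumed zone name, not from the post
        self.clock = clock
        self.cache = {}     # name -> (listed, expires_at)

    def lookup(self, number):
        name = enum_name(number, self.zone)
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]   # cached answer still within its TTL
        for server in self.secondaries:
            try:
                listed, ttl = self.query(server, name)
            except OSError:
                continue    # this secondary is unreachable, try the next one
            self.cache[name] = (listed, self.clock() + ttl)
            return listed
        raise LookupUnavailable(name)

    def should_block(self, number, fail_open=True):
        try:
            return self.lookup(number)
        except LookupUnavailable:
            # Outage: fail-open lets the call through, fail-closed rejects it.
            return not fail_open

def constructed_query(down, listed_names, ttl=300):
    """Constructed stand-in for a real DNS query so the example runs offline."""
    def query(server, name):
        if server in down:
            raise OSError("timeout")
        return (name in listed_names, ttl)
    return query
```

Counting how often `LookupUnavailable` is raised gives a direct signal that the secondaries are unreachable and the blacklist is not being applied.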