[asterisk-biz] Fraud alert

Gregory Boehnlein damin at nacs.net
Fri Feb 27 14:44:32 CST 2009


> > The IP address is:
> > 88.151.100.167
> >
> > I know it's totally my fault and I'm extremely lucky to have caught
> > them so early.
> 
> I'd suggest to everyone to ban that IP, it's been scanning our networks
> from time to time, in a sequential manner by IP.

I've had really good luck with this:

http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk

Basically, it automatically blackholes via iptables any host that fails a
certain number of registration attempts in a given period.

Of course, the following works well too in sip.conf:

[default]
; Send any unauthenticated calls to the local FBI office
context=local-fbi-office

I've got a honeypot server that pretty much accepts any calls that come
through, and plays a "Thank you for calling the Telecommunications Fraud
hotline. Please stay online for the next available representative." If they
stay online for more than 20 seconds, it connects them to an agent at the
FBI that we have been working with.

I've been meaning to add some code in that pulls out the originating IP
address of the call and tells it to the agent when we call. :)




