[asterisk-biz] Fraud alert
C. Savinovich
c.savinovich at itntelecom.com
Fri Feb 27 15:18:26 CST 2009
It seems to be the same pattern of people who attacked 3 of my servers in
a 3 week period a couple of weeks ago. The calls were made mostly to area
codes 252 and 818 and indeed they showed the caller-id of the phones. My
customer claims he received a call from the FBI saying that the calls were
credit card solicitations. The point is, whoever is doing this, is doing
this massively.
CS
-----Original Message-----
From: asterisk-biz-bounces at lists.digium.com
[mailto:asterisk-biz-bounces at lists.digium.com] On Behalf Of
voip-asterisk at maximumcrm.com
Sent: Friday, February 27, 2009 4:04 PM
To: Commercial and Business-Oriented Asterisk Discussion
Subject: Re: [asterisk-biz] Fraud alert
>> I'd suggest to everyone to ban that IP, it's been scanning our networks
>> from time to time, in a sequential manner by IP.
>
> I've had really good luck with this:
>
> http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
>
> Basically, it automatically blackhols via IPtables any host that fails a
> certain number of registration attempts in a given period.
Yeah we're actually rolling it out on all of our production servers, it's
a great application to run.
I'm working on some scripts to propagate the bans to the firewall so that
all of the servers get protected as soon as possible.
> [default]
> ; Send any unauthenticated calls to the local FBI office
> context=local-fbi-office
>
> I've got a honeypot server that pretty much accepts any calls that come
> through, and plays a "Thank you for calling the Telecommunications Fraud
> hotline. Please stay online for the next available representative." If
they
> stay online for more than 20 seconds, it connects them to an agent at the
> FBI that we have been working with.
>
> I've been meaning to add some code in that pulls out the originating IP
> address of the call and tells it to the agent when we call. :)
That would be great to have!
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
More information about the asterisk-biz
mailing list