[asterisk-biz] Fraud alert

John Todd jtodd at digium.com
Sun Mar 1 18:07:06 CST 2009


On Feb 27, 2009, at 1:04 PM, voip-asterisk at maximumcrm.com wrote:

>>> I'd suggest to everyone to ban that IP, it's been scanning our networks
>>> from time to time, in a sequential manner by IP.
>>
>> I've had really good luck with this:
>>
>> http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
>>
>> Basically, it automatically blackholes via IPtables any host that fails a
>> certain number of registration attempts in a given period.
>
> Yeah we're actually rolling it out on all of our production servers, it's
> a great application to run.
>
> I'm working on some scripts to propagate the bans to the firewall so that
> all of the servers get protected as soon as possible.
>
>> [default]
>> ; Send any unauthenticated calls to the local FBI office
>> context=local-fbi-office
>>
>> I've got a honeypot server that pretty much accepts any calls that come
>> through, and plays a "Thank you for calling the Telecommunications Fraud
>> hotline. Please stay online for the next available representative." If they
>> stay online for more than 20 seconds, it connects them to an agent at the
>> FBI that we have been working with.
>>
>> I've been meaning to add some code in that pulls out the originating IP
>> address of the call and tells it to the agent when we call. :)
>
> That would be great to have!



This sounds very much like the framework I discussed at the last  
astridevcon in September.  I've had no time to work on it, but it  
sounds like you're already making progress.

   http://astridevcon.pbwiki.com/Network-Security-Framework

Would you be interested in making your work more integral to Asterisk,  
so that it can be a generic security policy model for all channel  
methods, starting with SIP?  Or is the scrape-from-logfile method  
sufficient for your needs?

JT


---
John Todd                       email:jtodd at digium.com
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW -  Huntsville AL 35806  -   USA
direct: +1-256-428-6083         http://www.digium.com/





