[asterisk-biz] Fraud alert
John Todd
jtodd at digium.com
Sun Mar 1 18:07:06 CST 2009
On Feb 27, 2009, at 1:04 PM, voip-asterisk at maximumcrm.com wrote:
>>> I'd suggest to everyone to ban that IP, it's been scanning our networks
>>> from time to time, in a sequential manner by IP.
>>
>> I've had really good luck with this:
>>
>> http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
>>
>> Basically, it automatically blackholes via IPtables any host that fails a
>> certain number of registration attempts in a given period.
>
> Yeah we're actually rolling it out on all of our production servers, it's
> a great application to run.
>
> I'm working on some scripts to propagate the bans to the firewall so that
> all of the servers get protected as soon as possible.
>
>> [default]
>> ; Send any unauthenticated calls to the local FBI office
>> context=local-fbi-office
>>
>> I've got a honeypot server that pretty much accepts any calls that come
>> through, and plays a "Thank you for calling the Telecommunications Fraud
>> hotline. Please stay online for the next available representative." If they
>> stay online for more than 20 seconds, it connects them to an agent at the
>> FBI that we have been working with.
>>
>> I've been meaning to add some code in that pulls out the originating IP
>> address of the call and tells it to the agent when we call. :)
>
> That would be great to have!

This sounds very much like the framework I discussed at the last
astridevcon in September. I've had no time to work on it, but it
sounds like you're already making progress.

http://astridevcon.pbwiki.com/Network-Security-Framework

Would you be interested in making your work more integral to Asterisk,
so that it can be a generic security policy model for all channel
methods, starting with SIP? Or is the scrape-from-logfile method
sufficient for your needs?

JT
---
John Todd email:jtodd at digium.com
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW - Huntsville AL 35806 - USA
direct: +1-256-428-6083 http://www.digium.com/
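
The scrape-from-logfile method discussed in this thread, shown as an added example (not code from the thread, from Fail2Ban, or from Asterisk): it counts failed SIP registrations per source IP in a sliding window and reports hosts that cross the threshold. It assumes `dateformat=%F %T` in logger.conf and chronologically ordered lines; the sample log lines are constructed, and `hosts_to_ban`, `ignore` and the `maxretry`/`findtime` parameters (named after Fail2Ban's jail options) are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# chan_sip failed-registration notice. The From header is attacker-controlled,
# so the greedy '.*' makes the regex lock onto the LAST "failed for '<ip>'",
# which is the part Asterisk itself wrote, not text injected into the header.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
)

def hosts_to_ban(lines, maxretry=3, findtime=timedelta(minutes=10), ignore=()):
    """Return {ip: time the threshold was crossed} for hosts with at least
    maxretry failed registrations inside a findtime-long window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for line in lines:
        m = FAILED_REG.match(line)
        if not m or m["ip"] in ignore or m["ip"] in banned:
            continue
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > findtime:   # expire failures outside the window
            window.popleft()
        if len(window) >= maxretry:
            banned[m["ip"]] = when
    return banned

# Constructed sample log: a fast scanner (203.0.113.5) and a user who mistypes
# a password once every half hour (198.51.100.7).
SAMPLE_LOG = """\
[2009-02-27 13:00:01] NOTICE[2817] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5' - No matching peer found
[2009-02-27 13:00:02] NOTICE[2817] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.5' - No matching peer found
[2009-02-27 13:00:03] VERBOSE[2817] chan_sip.c:     -- Registered SIP '300' at 198.51.100.20 port 5060
[2009-02-27 13:00:04] NOTICE[2817] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2009-02-27 13:01:00] NOTICE[2817] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2009-02-27 13:30:00] NOTICE[2817] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2009-02-27 13:59:00] NOTICE[2817] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
""".splitlines()

if __name__ == "__main__":
    for ip, when in hosts_to_ban(SAMPLE_LOG).items():
        # Print the rule for review instead of executing it.
        print(f"{when}  iptables -I INPUT -s {ip} -j DROP")
```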