[asterisk-biz] PBX Hacker IP List
voip-asterisk at maximumcrm.com
voip-asterisk at maximumcrm.com
Mon Mar 16 11:14:26 CDT 2009
> I would like to pool our resources and start an IP list of known PBX
> Hackers. As a US service provider I get hit pretty often with bots
> trying brute force username/password attacks, mostly coming form overseas.
> I had several attacks this weekend and it got me thinking about a list that
> could benefit the community. There was a great discussion about Asterisk
> security on the "PBX Got Hacked" thread over the past couple of weeks and
> someone did mention this type of list.
>
> I do not want to re-invent the wheel, is there such a list already
> established that I may contribute to? If not, I would not mind hosting a
> list on my website. I know there will be some particulars to be worked out,
> list format, qualifying list entries, how the list will be updated, removing
> entries, and items I haven't thought about.
I think a good starting point on how to handle this project would be
www.projecthoneypot.org
I don't think that there is an existing blacklist for Asterisk though
> Are there any legal pitfalls with hosting such a list?
IANAL, but you'll need a very strong disclaimer concerning the
risk of blocking good calls.
No matter how the system is set up there should be a way to easily add
known-good IP as they relate to a particular installation.
More information about the asterisk-biz
mailing list