[asterisk-biz] PBX Hacker IP List

Andrew M. Lauppe alauppe at anteil.com
Mon Mar 16 14:33:55 CDT 2009


You guys are completely on the right track. The only other thing I'd do 
is add some kind of logging system so that if an IP gets blacklisted, we 
can show WHY it got blacklisted. (X brute force attacks / second, etc - 
example passwords tried, etc.) This way if a system gets blocked that is 
legitimate, "we" can examine the evidence and see if the claims of 
legitimacy are valid etc.


Anteil, Inc. <http://www.anteil.com>
Andrew M. Lauppe
Consultant
4051B Executive Park Dr.
Harrisburg, PA 17111
+1 (877) OS-LINUX x23
+1 (484) 421-9919 direct



Darren Wiebe wrote:
> JR Richardson wrote:
>   
>>> No matter how the system is set up there should be a way to easily add
>>> known-good IP as they relate to a particular installation.
>>>
>> The Project Honey Pot looks great.
>>
>> I'm not too keen on white listing though.  It would be hard to verify
>> an attacker's IP's that hasn't been identified as bad yet.  I'm sure
>> some hackers would troll the black list and try to add their IP's as
>> known good.  I don't think this would be some automated mechanism for
>> PBX server subscription, at least not yet.
>>
>> I'm thinking more along the lines of a central list, updated by
>> community participants, to add IP's that have attacked them, with
>> date/time of the attack.  It would be up to the PBX admin to employ a
>> filter with those black listed IP's or disregard the list
>> altogether.
>>
>> Thanks
>>
>> JR
>>  --
>> JR Richardson
>> Engineering for the Masses
>>
> This program is specific to SSH but we've been very, very happy with the 
> way that the denyhosts program works.  It shares a list of ip addresses 
> with a central server.  However, it's easy to add your own whitelist 
> that your system uses.  I envision the same sort of functionality here.
>
>   
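The evidence log suggested at the top of this message, sketched as an added example (not code from the thread or from any project mentioned in it): it counts failed SIP registrations per source IP and keeps, for each blacklisted address, the rate, the extensions tried and sample log lines, with a local whitelist applied first. The log lines are constructed in the style of Asterisk chan_sip notices; the timestamp format, threshold, window and function name are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not taken from a real system.
SAMPLE_LOG = """\
[2009-03-16 14:30:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@198.51.100.10>' failed for '203.0.113.7' - Wrong password
[2009-03-16 14:30:01] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@198.51.100.10>' failed for '203.0.113.7' - Wrong password
[2009-03-16 14:30:02] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@198.51.100.10>' failed for '203.0.113.7' - No matching peer found
[2009-03-16 14:30:03] NOTICE[2101] chan_sip.c: Registration from '"103" <sip:103@198.51.100.10>' failed for '203.0.113.7' - Wrong password
[2009-03-16 14:31:10] NOTICE[2101] chan_sip.c: Registration from '"200" <sip:200@198.51.100.10>' failed for '198.51.100.20' - Wrong password
[2009-03-16 14:32:00] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@198.51.100.10>' failed for '192.0.2.50' - Wrong password
[2009-03-16 14:32:02] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@198.51.100.10>' failed for '192.0.2.50' - Wrong password
[2009-03-16 14:32:04] NOTICE[2101] chan_sip.c: Registration from '"300" <sip:300@198.51.100.10>' failed for '192.0.2.50' - Wrong password
"""
LINE_RE = re.compile(
    r"\[(?P<ts>[\d\- :]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'.*?<sip:(?P<user>[^@>]+)@[^>]*>' failed for '(?P<ip>[\d.]+)' - (?P<reason>.+)$"
)

def build_blacklist(log_text, threshold=3, window=timedelta(seconds=10), whitelist=()):
    """Return {ip: evidence} for IPs with >= threshold failures inside one window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["ip"] not in whitelist:  # local known-good IPs are never listed
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"], m["reason"], line))
    blacklist = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        best, start = [], 0
        for end in range(len(evs)):  # sliding window: find the densest burst
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = evs[start:end + 1]
        if len(best) >= threshold:
            blacklist[ip] = {  # the "why": kept so a disputed listing can be reviewed
                "failures_in_window": len(best),
                "window_seconds": window.total_seconds(),
                "first_seen": best[0][0].isoformat(),
                "last_seen": best[-1][0].isoformat(),
                "extensions_tried": sorted({e[1] for e in best}),
                "reasons": sorted({e[2] for e in best}),
                "sample_lines": [e[3] for e in best[:3]],
            }
    return blacklist
```

A single mistyped password (198.51.100.20 in the sample) stays below the threshold, and an address passed in `whitelist` is skipped before any counting happens.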