[asterisk-dev] auto blacklisting "script kiddies"

Steve Kennedy steve-asterisk at gbnet.net
Thu Apr 26 07:08:19 MST 2007

Would it not be a good idea if Asterisk would auto-blacklist single IP
addresses that attempted multiple SIP or other registrations.

The attacks I've seen seem to be scripted and aren't particularly
clever, so an auto back-off system or just lock from that IP address
after a particular number of registration attempts. This could be
specified as a config variable (as in number of attempts before lock).

Locked IP's could then be manually unlocked, or unlocked after a time
period (or in combination, locked wait some time, unlock and if more
attempts continue, lock for a longer time period etc).

This isn't going to defeat any kind of serious attack, but would deter
the script kiddies out there. It also potentially wont work for ITSPs
etc, but for smaller installs it could be just the solution?


NetTek Ltd  UK mob +44-(0)7775 755503
UK +44-(0)20 79932612 / US +1-(310)8577715 / Fax +44-(0)20 7483 2455
Skype/GoogleTalk/AIM/Gizmo/Mac stevekennedyuk / MSN steve at gbnet.net
Euro Tech News Blog http://eurotechnews.blogspot.com

More information about the asterisk-dev mailing list