[asterisk-dev] auto blacklisting "script kiddies"
Steve Langstaff
steve.langstaff at citel.com
Thu Apr 26 07:17:26 MST 2007
That might cause us pain - our Telephone VoIP Adapters use the same IP
address to register multiple phones (e.g. up to 24) and multiple lines
per phone (e.g. up to 25) albeit with different source port numbers.
> -----Original Message-----
> From: asterisk-dev-bounces at lists.digium.com
> [mailto:asterisk-dev-bounces at lists.digium.com] On Behalf Of
> Steve Kennedy
> Sent: 26 April 2007 15:08
> To: asterisk-dev at lists.digium.com
> Subject: [asterisk-dev] auto blacklisting "script kiddies"
>
> Would it not be a good idea if Asterisk would auto-blacklist
> single IP addresses that attempted multiple SIP or other
> registrations.
>
> The attacks I've seen seem to be scripted and aren't
> particularly clever, so an auto back-off system or just lock
> from that IP address after a particular number of
> registration attempts. This could be specified as a config
> variable (as in number of attempts before lock).
>
> Locked IP's could then be manually unlocked, or unlocked
> after a time period (or in combination, locked wait some
> time, unlock and if more attempts continue, lock for a longer
> time period etc).
>
> This isn't going to defeat any kind of serious attack, but
> would deter the script kiddies out there. It also potentially
> wont work for ITSPs etc, but for smaller installs it could be
> just the solution?
>
>
> Steve
>
> --
> NetTek Ltd UK mob +44-(0)7775 755503
> UK +44-(0)20 79932612 / US +1-(310)8577715 / Fax +44-(0)20
> 7483 2455 Skype/GoogleTalk/AIM/Gizmo/Mac stevekennedyuk / MSN
> steve at gbnet.net Euro Tech News Blog
> http://eurotechnews.blogspot.com
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
>
More information about the asterisk-dev
mailing list