[asterisk-dev] auto blacklisting "script kiddies"

Steve Kennedy steve-asterisk at gbnet.net
Thu Apr 26 08:16:35 MST 2007

On Thu, Apr 26, 2007 at 05:26:01PM +0300, Tzafrir Cohen wrote:

> Blocking is better done by the firewall. There are already a number of
> programs that adapt firwall or do whatever custom operation based on
> certain conditions in the log.
> Also: how simple is it to spoof a single packet for the purpose of
> banning an IP address? e.g.: me spoofing a false packet from your IP
> address to Gizmo.
> Are Asterisk's log well-suited for automated parsing by log parsers?

I'm suggesting it's done by Asterisk so logs wouldn't be parsed as, say,
a SIP registration came it, that would be checked. It's not to protect
against a well organised attack, just script kiddie brute


NetTek Ltd  UK mob +44-(0)7775 755503
UK +44-(0)20 79932612 / US +1-(310)8577715 / Fax +44-(0)20 7483 2455
Skype/GoogleTalk/AIM/Gizmo/Mac stevekennedyuk / MSN steve at gbnet.net
Euro Tech News Blog http://eurotechnews.blogspot.com

More information about the asterisk-dev mailing list