<p>Hi all.</p>
<p>First, for those who mentioned Fail2Ban and similar... We are talking about real-time protection, a proactive approach, not a reactive solution.</p>
<p>Second, I think that this thread is a good place to comment on an idea. What if I modify, in the source code in channels/chan_sip.c, the function handle_request_register() in the 1.4 branch to save in a DB the IPs that produce a failed registration, or fire a .sh that updates the iptables rules of the machine....</p>
<p>Cheers.</p>
<p>-- 8< -- <br>
GnuPG Key ID: 0xD1233DCC<br>
<a href="http://www.mefhigoseth.com.ar">http://www.mefhigoseth.com.ar</a><br>
Sent from my Motorola Milestone 8G<br>
...:::[ God Rulz ! ]:::...</p>
<p><blockquote type="cite">On Oct 12, 2011 2:51 p.m., "Jack Honey Pot" &lt;<a href="mailto:jack@asteriskhoneypot.com">jack@asteriskhoneypot.com</a>&gt; wrote:<br><br>Hi All,<br>
<br>
I'm not the first to try to start a VOIP blacklist, but I'm currently working
on a project for the next 12 hours; hopefully I can get it up soon.
What I intend to do is to work with a few reliable harvesters to gather
the logs. A simple script to parse them, then extract the list of attackers'
IPs, compile them and send them out to the list.<br>
<br>
If any of you are kind enough to zip and send me a
/var/log/asterisk/messages that contains hackers' scans &amp; attacks, it
will be helpful to my research. Do email me at <a href="mailto:jack@asteriskhoneypot.com" target="_blank">jack@asteriskhoneypot.com</a>.
Let me know if you are keen to be a harvester as well. Thanks.<br>
<br>
Regards,<br>
Jackster
</blockquote></p>
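<p>The log-harvesting step described in the quoted message (parse /var/log/asterisk/messages, extract the source IPs of failed registrations, compile a list), as an added example that is not part of the original thread. It assumes the chan_sip NOTICE line format shown in the constructed sample; the function names, the threshold and the allowlist parameter are hypothetical.</p>

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (documentation-range IPs). Line 4 carries a forged
# display name that tries to plant a second "failed for" address.
SAMPLE_LOG = """\
[Oct 12 14:51:02] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@203.0.113.10>' failed for '198.51.100.7' - Wrong password
[Oct 12 14:51:03] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@203.0.113.10>' failed for '198.51.100.7' - No matching peer found
[Oct 12 14:51:03] NOTICE[2211] chan_sip.c: Registration from '"102"<sip:102@203.0.113.10>' failed for '198.51.100.7:5071' - No matching peer found
[Oct 12 14:51:04] NOTICE[2211] chan_sip.c: Registration from '"x' failed for '203.0.113.99' - Wrong password" <sip:x@203.0.113.10>' failed for '198.51.100.7' - Wrong password
[Oct 12 14:52:10] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@203.0.113.10>' failed for '192.0.2.44' - Wrong password
[Oct 12 14:52:11] VERBOSE[2211] logger.c: -- Registered SIP '200' at 192.0.2.44 port 5060
"""

# The From header is sender-controlled, so the greedy ".*" makes the match
# settle on the LAST "failed for '...'" on the line, the one Asterisk wrote.
FAILED_REG = re.compile(
    r"NOTICE\[\d+\] chan_sip\.c: Registration from .* failed for '([^']+)' - .+$"
)

def source_ip(field):
    """Return the validated IP from the logged peer field (with or without port)."""
    for candidate in (field, field.rpartition(":")[0]):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None  # not an address: never pass it on to a firewall rule

def failed_registrations(log_text, allowlist=()):
    """Count failed REGISTER attempts per source IP, skipping allowlisted hosts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_REG.search(line)
        ip = source_ip(m.group(1)) if m else None
        if ip and ip not in allowlist:
            counts[ip] += 1
    return counts

def blacklist(log_text, threshold=3, allowlist=()):
    """IPs with at least `threshold` failures, sorted for stable output."""
    counts = failed_registrations(log_text, allowlist)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print("\n".join(blacklist(SAMPLE_LOG)))
```

<p>The threshold and allowlist keep a single mistyped password or a trusted peer off the compiled list before it is shared or turned into firewall rules.</p>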