[asterisk-users] Is there a public blacklist of hackers' IP addresses?

Roderick A. Anderson raanders at cyber-office.net
Tue Mar 24 13:01:27 CDT 2009



Wilton Helm wrote:
> If life were only that simple.  A lot of hacking passes through 
> unsuspecting intermediary computers, precisely to hide their tracks, not 
> to mention IP spoofing.  People have offered for sale access to 10,000 
> computers to use for propagating mischief.  That's a lot of IPs to block!
>  
> I got hacked about six months ago.  They came in through SSH and figured 
> out root's password, which was a concatenation of two English words.  I 
> presume they did a dictionary search. 

I used to get hit very hard with these types of attacks (hundreds to 
thousands per day) on 25-30 servers until I added some iptables rules to 
REJECT the offending IP for 5 minutes after three unsuccessful attempts 
in 60 seconds.  The attacks typically have dropped to less than five per 
day.

This means those that need access don't need to make _odd_ changes to 
standard programs' settings and the rules do allow a whitelisting of 
specific IPs.


\\||/
Rod
-- 
> Then they changed the password, 
> replaced some key files and launched a denial of service attack against 
> somebody (including compiling the program on my machine)!
>  
> I traced the IP address to a Comcast customer in Indiana or something 
> and notified Comcast, but haven't heard anything.  Probably their 
> customer never even knew it happened--it was probably a hijacked situation.
>  
> Prior to that I had been logging hundreds of robotic attacks a day that 
> were unsuccessful!
>  
> I re-installed everything and changed my SSH to a non-standard port and 
> used a more robust password.  I haven't had a single hack attempt the 
> four months since.  For my purposes, I don't really need SSH on a 
> standard port.  That made all the difference in the world.
>  
> Two areas that have had large hacker presences in the past:  Russia and 
> China.  A lot of E-Mail spam originates in those two areas, also.  I've 
> considered blocking the entire host domain for any provider generating 
> spam from those regions, as I have no legitimate business need to 
> correspond with people in those regions in general.  However, I suspect 
> it might block messages from a few users on this list, and I know it 
> would block at least one user from another list I am on.
>  
> Wilton
>  
> 
> 
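
A throttle of the kind described in the reply above can be built with the iptables `recent` match. This is an added example, not the poster's actual rules: the chain and list names, port 22 and the sample whitelist addresses are assumptions, and new TCP connections stand in for "unsuccessful attempts" because iptables cannot see authentication results.

```shell
#!/bin/sh
# Added example: prints iptables commands for review instead of running them.
# Names SSH_THROTTLE, SSH_BLOCK, ssh_seen and ssh_blocked are hypothetical.

SSH_PORT=22      # assumed SSH port
MAX_NEW=3        # new connections tolerated per window
WINDOW=60        # counting window, seconds
BLOCK_FOR=300    # rejection period, seconds (5 minutes)

# Usage: ssh_throttle_rules [whitelisted-ip-or-cidr ...]
ssh_throttle_rules() {
    echo "iptables -N SSH_THROTTLE"
    echo "iptables -N SSH_BLOCK"
    # Only new connections are counted; established sessions are untouched.
    echo "iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j SSH_THROTTLE"
    # Whitelisted sources are accepted before any counting happens.
    for ip in "$@"; do
        case $ip in
            # Refuse anything that is not digits, dots or a slash, so the
            # generated text stays safe to hand to a root shell.
            *[!0-9./]*|'') echo "skipping invalid whitelist entry: $ip" >&2
                           continue ;;
        esac
        echo "iptables -A SSH_THROTTLE -s $ip -j ACCEPT"
    done
    # Source was blocked less than BLOCK_FOR seconds ago: keep rejecting.
    echo "iptables -A SSH_THROTTLE -m recent --name ssh_blocked --rcheck --seconds $BLOCK_FOR -j REJECT"
    # Record this connection, then test the count within the window.
    echo "iptables -A SSH_THROTTLE -m recent --name ssh_seen --set"
    echo "iptables -A SSH_THROTTLE -m recent --name ssh_seen --rcheck --seconds $WINDOW --hitcount $((MAX_NEW + 1)) -j SSH_BLOCK"
    echo "iptables -A SSH_THROTTLE -j ACCEPT"
    # SSH_BLOCK: start the block timer for this source and reject.
    echo "iptables -A SSH_BLOCK -m recent --name ssh_blocked --set"
    echo "iptables -A SSH_BLOCK -j REJECT"
}

# Dry run with constructed documentation-range addresses.
ssh_throttle_rules 192.0.2.10 198.51.100.0/24
```

Because `--rcheck` does not refresh the timestamp, the block lasts a fixed five minutes from the moment it was set; `--update` in its place would restart the timer on every retry.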


