[asterisk-users] Is there a public blacklist of hackers' IPaddresses?
Matt Riddell
lists at venturevoip.com
Thu Mar 26 14:16:34 CDT 2009
On 27/03/2009 3:32 a.m., randulo wrote:
> On Thu, Mar 26, 2009 at 2:38 PM, SIP<sip at arcdiv.com> wrote:
>> And so, in answer to your question, I don't think there ARE necessarily
>> steps that can be taken right now to ensure that there's a rational
>> approach to the resolution of such an issue of fraud. Barring some sort
>> of major legal precedent, it's going to be anyone's guess how the
>> verdict comes out in the end.
>
> Hence the need for all of us, everywhere to step up measures to
> prevent as much as possible, the unlawful use of a system. Maybe some
> kind of (optional modular) monitor or engine could be built for the
> asterisk platform to at least send alerts when it deduces suspicious
> activity?
There are a few options we use here.
1. Snort with SIP rules - detects brute forces, floods etc - just a
notification
2. fail2ban - blocks hosts who attack at the iptables level
3. exception reporting - our billing sends SMS messages if a customer
uses a lot more than their average spend - i.e. if they normally spend
$10 a month and they have just spent $20 in ten minutes then an SMS is
sent - while this isn't conclusive, it does warn you that something
might be going on.
--
Kind Regards,
Matt Riddell
Director
_______________________________________________
http://www.venturevoip.com (Great new VoIP end to end solution)
http://www.venturevoip.com/news.php (Daily Asterisk News - html)
http://www.venturevoip.com/newrssfeed.php (Daily Asterisk News - rss)
More information about the asterisk-users
mailing list