[asterisk-users] Being attacked by an Amazon EC2
JR Richardson
jmr.richardson at gmail.com
Mon Apr 12 16:58:42 CDT 2010
>>> Perhaps if there was a Asterisk RBL we could all contribute to; for
>>> which we could then hook into and drop any connection where a
>>> source IP is listed ? -- Thanks, Phil
>>>
>>
>> I love the idea of a RBL... count me in for contributing.
>>
>> Especially considering the ridiculous response I received from
>> Amazon. (Basically told me to submit host, destination, port, proto,
>> and log... which of course was already included in the original
>> complaint)
>
> I don't think anyone else brought up the Spamhaus DROP project. It's a
> blacklist of IP addresses and address ranges which are known to ONLY be
> used for malicious purposes.
>
> http://www.spamhaus.org/drop/
>
> We could establish something similar to that for VOIP attacks. It may
> not be exactly a trivial system to maintain such a list. (removing IP's
> after X amount of time, disputing false claims etc). Maybe someone
> could contact spamhaus to create a list for VOIP since they seem to have
> a nice system in place?
>
Hi All, good discussion, similar to ones we had a year or so ago. The
RBL concept is valid, at least to get a repository going that list
malicious activity specific to SIP attacks.
n
I worked with Project Honeypot guys for a while, they are more than
willing to assist, as they already have the backend work done for a
clearing house identifying hackers. The biggest issue we had a year
ago was to create the mechanism in asterisk to push valid log messages
out to the database and then determine what to do with that data?
I tried to bridge the gap between a few Asterisk developers and the
Honeypot developers, ultimately the project stalled and I got busy
with other matters. If anyone here would like to pick up the torch
and move this along, I can certainly provide info on how far along we
got and contact info for the parties involved.
Please contact me if you have time to work on this and are interested.
I'm sure the Project Honeypot guys will be willing to pick this
project back up and work on it.
Thanks.
JR
--
JR Richardson
Engineering for the Masses
More information about the asterisk-users
mailing list