[asterisk-users] FW: Under heavy attack
Steve Edwards
asterisk.org at sedwards.com
Mon Nov 1 16:20:12 CDT 2010
On Mon, 1 Nov 2010, Cary Fitch wrote:
> Any small system should:
>
> Use IPTABLES and block any parts of the world you don't need access
> to/from. Start with any Class A address that is probing your system.
>
> Make your SIP IDs 8-12 characters in length, and use at least alpha &
> numerical characters, some special characters if you like a little more
> variety.
>
> bear3579
> b3e5a7r9
> Bear3579
> La3579ke
>
> Or more.
>
> Do the same for passwords.
>
> 6543office
> 7659home
How about:
echo cary+<salt> | sha1sum
where <salt> is something only you know.
> And when you see an attack if it isn't from a network on your planet,
> put the whole network in IPTABLES.
>
> (And get the world country delegations for IP addresses and block all
> "not on your planet.)
(Ever do something you think may get you 'roasted'? I'm getting that
feeling right now...)
I've just created a "resource" on voip-info.org that contains all of the
allocated class A IP address blocks by Regional Internet Registry in
'iptables' format. Please don't apply this list in it's entirety without
understanding that you will be blocking a LOT of potential [ab]users.
http://www.voip-info.org/wiki/view/allocated-class-a-ip-address-blocks
So you can 'pick and choose' which parts of the world you want to
communicate with.
It's a pretty broad brush and I'm sure it could use some refinement and
correction, but attempts on my client's systems have just about
evaporated.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
More information about the asterisk-users
mailing list