[asterisk-users] Under heavy attack

Stuart Sheldon stu at actusa.net
Sat Oct 30 23:18:34 CDT 2010


On 10/30/2010 08:25 PM, Warren Selby wrote:
> To me it seems the real question is "What is going on today?". I
> normally get eight to ten asterisk-related fail2ban alerts a day
> between a few client sites - today I've received at least 10 times
> that many attacks on just one site. These are all coming in from
> different IP addresses, a new one every few minutes. These addresses
> are located all across the globe. This seems like some kind of
> coordinated assault - maybe someone is activating a 'bot-net' for SIP
> attacks?

We are seeing the same thing... It could be a bot-net, but it is a very
poorly organized attack. If it was a single bot-net, you would assume
that the systems would each pick a group of addresses, not all attack
the same addresses.

It could be an attempt to get a large number of systems blacklisted. If
someone was to spoof 1000s of addresses that cause operators to
black-list those addresses, they could knock quite a few systems off the
map. This could cause legitimate operators to get blocked, or discredit
the current method used to detect and block SIP brute force attacks.

Just my two cents...

Stuart Sheldon
ACT USA




