[asterisk-users] SIP fraud IP blacklist
mitul at enterux.in
Fri Apr 11 13:43:58 CDT 2014
Looks nice, might start using it Stefan :)
On Friday, April 11, 2014, Stefan Gofferje <lists at home.gofferje.net> wrote:
> In case anyone is interested...
> I have started compiling a blacklist of hosts and networks from which
> SIP fraud attempts occur.
> My criteria currently are:
> To block an IP:
> - Minimum 3 attacks within one week from the same IP
> To block a network:
> - Attacks from minimum 3 IPs from that network within 2 weeks
> Common criteria:
> - Provider does not react to complaints OR
> - Provider sends autoreply but attacks don't stop within a week
> Definition of attack:
> - Minimum 5 attempts to make an unauthorized phone call to a
> non-PBX-internal number OR
> - Minimum 10 attempts to make an unauthorized phone call to a
> PBX-internal number OR
> - Minimum 10 failed authentication attempts
> If this happens, the IP gets auto-banned (iptables) for 24 hours and
> goes to my watch list. The watch list is the base for my further decisions.
> Currently, I don't remove IPs or networks from the list. If I have time
> and/or motivation I might create some kind of removal process later -
> also, depending on how big the list gets and how many people use it.
> The list is yet pretty short but for me, it has reduced the noise on my
> PBX from 20-30 attacks per day to about 2 or 3 per week, especially
> after most of the Palestinian networks ended up on the list.
> You're free to use the list - on your own responsibility and risk. It's
> in the ipdeny.com format, so a simple script can be used to CURL the
> list and create iptables rules from it. A sample script for something
> like that is also on my website (check the Linux section).
> That's the website for the list:
> And that's the download URL:
> Note that the list is updated every 6h so polling it more often doesn't
> help anything. Please limit polling to once a day or so.
> (o_ Stefan Gofferje | SCLT, MCP, CCSA
> //\ Reg'd Linux User #247167 | VCP #2263
> V_/_ Heckler & Koch - the original point and click interface
Chief Architect & Founder,
Enterux Solutions Pvt. Ltd.
110 Reena Complex, Opp. Nathani Steel,
Vidyavihar (W), Mumbai - 400 086. India
email: mitul at enterux.in
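
Added example (not part of either message, and not the sample script from Stefan's website): a consumer for an ipdeny.com-format list that validates every line before turning it into iptables rules, so a bad or over-broad entry in a third-party list cannot cut off your own networks. The sample list, the allowlist, the /16 limit and the chain name SIPFRAUD are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in ipdeny.com zone format (one IPv4 CIDR per line).
# RFC 5737 documentation ranges, not entries from the real list.
SAMPLE_LIST = """\
192.0.2.17/32
198.51.100.0/24
198.51.100.128/25
0.0.0.0/0
203.0.113.0/24
not-an-address
10.1.2.3
"""
ALLOWLIST = ["10.0.0.0/8", "203.0.113.0/24"]  # hypothetical: own LAN, SIP trunk provider
MIN_PREFIX = 16      # assumption: never accept a block broader than a /16
CHAIN = "SIPFRAUD"   # hypothetical chain name


def parse_blocklist(text, allowlist=ALLOWLIST, min_prefix=MIN_PREFIX):
    """Return (collapsed networks to block, rejected (line, reason) pairs)."""
    allowed = [ipaddress.ip_network(a) for a in allowlist]
    accepted, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line)  # strict: set host bits are an error
        except ValueError:
            rejected.append((line, "not a valid CIDR"))
            continue
        if net.version != 4:
            rejected.append((line, "not IPv4"))
        elif net.prefixlen < min_prefix:
            rejected.append((line, f"broader than /{min_prefix}"))
        elif any(net.overlaps(a) for a in allowed):
            rejected.append((line, "overlaps allowlist"))
        else:
            accepted.append(net)
    # Merge duplicates and nested ranges so each source gets one rule.
    return list(ipaddress.collapse_addresses(accepted)), rejected


def render_iptables_restore(nets, chain=CHAIN):
    """Build input for `iptables-restore --noflush`; it only fills `chain`."""
    rules = [f"-A {chain} -s {net} -j DROP" for net in nets]
    return "\n".join(["*filter", f":{chain} - [0:0]", *rules, "COMMIT"]) + "\n"


if __name__ == "__main__":
    nets, rejected = parse_blocklist(SAMPLE_LIST)
    for line, reason in rejected:
        print(f"# skipped {line!r}: {reason}")
    print(render_iptables_restore(nets), end="")
```

The generated chain only takes effect once a rule in INPUT jumps to it; the skipped lines are worth logging, since a sudden rise in rejects suggests the downloaded file is damaged or has changed format.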