<br><br><div class="gmail_quote">On 1 November 2010 21:20, Steve Edwards <span dir="ltr">&lt;asterisk.org@sedwards.com&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Mon, 1 Nov 2010, Cary Fitch wrote:<br>
<br>
> Any small system should:<br>
><br>
> Use IPTABLES and block any parts of the world you don't need access<br>
> to/from. Start with any Class A address that is probing your system.<br>
><br>
> Make your SIP IDs 8-12 characters in length, and use at least alpha &<br>
> numerical characters, some special characters if you like a little more<br>
> variety.<br>
><br>
> bear3579<br>
> b3e5a7r9<br>
> Bear3579<br>
> La3579ke<br>
><br>
> Or more.<br>
><br>
> Do the same for passwords.<br>
><br>
> 6543office<br>
> 7659home<br>
<br>
</div>How about:<br>
<br>
echo cary+&lt;salt&gt; | sha1sum<br>
<br>
where &lt;salt&gt; is something only you know.<br>
<div class="im"><br>
> And when you see an attack if it isn't from a network on your planet,<br>
> put the whole network in IPTABLES.<br>
><br>
> (And get the world country delegations for IP addresses and block all<br>
> "not on your planet.")<br>
<br>
</div>(Ever do something you think may get you 'roasted'? I'm getting that<br>
feeling right now...)<br>
<br>
I've just created a "resource" on <a href="http://voip-info.org" target="_blank">voip-info.org</a> that contains all of the<br>
allocated class A IP address blocks by Regional Internet Registry in<br>
'iptables' format. Please don't apply this list in its entirety without<br>
understanding that you will be blocking a LOT of potential [ab]users.<br>
<br>
<a href="http://www.voip-info.org/wiki/view/allocated-class-a-ip-address-blocks" target="_blank">http://www.voip-info.org/wiki/view/allocated-class-a-ip-address-blocks</a><br>
<br>
So you can 'pick and choose' which parts of the world you want to<br>
communicate with.<br>
<br>
It's a pretty broad brush and I'm sure it could use some refinement and<br>
correction, but attempts on my client's systems have just about<br>
evaporated.<br>
<font color="#888888"><br>
--<br></font><div><div class="h5"><br></div></div></blockquote><div><br></div><div>I know there was talk on VUC recently about some kind of realtime RBL for SIP. Has anything progressed?</div><div><br></div><div>It would be SO easy for Asterisk users to contribute to a blacklist and also do a lookup in realtime to see if an IP has been blacklisted.</div>
<div>A little bit of joined-up thinking in the community could eliminate this issue. Would also be another major + for Asterisk as a platform.</div><div><br></div><div>Regards</div><div>Brian</div><div> </div></div><br>
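The realtime lookup discussed above, sketched on the assumption that such a list would be published DNSBL-style, as mail RBLs are. This is an added example, not code from the thread or from Asterisk: the zone `sip-rbl.example.invalid`, the function names and the offline sample resolver are hypothetical, and the peer addresses are constructed documentation-range values.

```python
import ipaddress
import socket

# Hypothetical zone name: the thread does not name an actual SIP blacklist.
SIP_RBL_ZONE = "sip-rbl.example.invalid"
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def rbl_query_name(ip, zone=SIP_RBL_ZONE):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this sketch")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(ip, zone=SIP_RBL_ZONE, resolve=socket.gethostbyname):
    """True = listed, False = not listed, None = no usable answer."""
    name = rbl_query_name(ip, zone)
    try:
        answer = ipaddress.ip_address(resolve(name))
    except socket.gaierror as exc:
        # "No such name" means the peer is not on the list; any other
        # resolver error (timeout, server failure) is unknown.
        return False if exc.errno == socket.EAI_NONAME else None
    except (OSError, ValueError):
        return None
    # A listing answers inside 127.0.0.0/8. Any other address usually means
    # a resolver rewriting NXDOMAIN, so it is not treated as a listing.
    return True if answer in LISTED_NET else None


def should_reject(ip, **kwargs):
    """Fail open: drop a peer only on a positive listing, never on a DNS fault."""
    return is_listed(ip, **kwargs) is True


def sample_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    table = {
        "10.2.0.192." + SIP_RBL_ZONE: "127.0.0.2",       # listed peer
        "7.100.51.198." + SIP_RBL_ZONE: "203.0.113.80",  # rewritten NXDOMAIN
    }
    if name.startswith("9.113.0.203."):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    if name not in table:
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    return table[name]


if __name__ == "__main__":
    for peer in ("192.0.2.10", "192.0.2.11", "198.51.100.7", "203.0.113.9"):
        print(peer, is_listed(peer, resolve=sample_resolver))
```

Failing open on resolver errors keeps a DNS outage from cutting off legitimate SIP peers; a site that prefers to fail closed would change only `should_reject`.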