[asterisk-security] Honeypot Project
Victor Villarreal
mefhigoseth at gmail.com
Fri Oct 14 10:47:02 CDT 2011
Hi all.
First, for those who mentioned Fail2Ban and similar... We are talking about
realtime protection, a pro-active approuch, not re-acive solution.
Second, I think that this threat is a good place for comment an idea. What
if i modify at source code in channels/chan_sip.c the function
handle_request_register() in 1.4 branch to save in DB the IPs that produce a
registration failed, or fire a .sh that update the IPTables rules of the
machine....
Cheers.
-- 8< --
GnuPG Key ID: 0xD1233DCC
http://www.mefhigoseth.com.ar
Enviado desde mi Motorola Milestone 8G
...:::[ God Rulz ! ]:::...
El oct 12, 2011 2:51 p.m., "Jack Honey Pot" <jack at asteriskhoneypot.com>
escribió:
Hi All,
I'm not the first to try to start a VOIP blacklist but currently working on
a project for the next 12 hours, hopefully I can get it up soon. What I
intend to do is to work with a few reliable Harvester to gather the logs. A
simple script to parse it then extract the list of attackers IP, compile
them and send them out to the list.
If any of you are kind enough to zip and send me a
/var/log/asterisk/messages that contain hacker's scan & attack, it will be
helpful to my research. Do email me at jack at asteriskhoneypot.com . Let me
know if you are keen to be a harvester as well.Thanks.
Regards,
Jackster
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-security mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-security/attachments/20111014/33e56f12/attachment.htm>
More information about the asterisk-security
mailing list