[asterisk-users] Is there a public blacklist of hackers' IP addresses?

Zeeshan Zakaria zishanov at gmail.com
Wed Mar 25 18:09:23 CDT 2009


Thanks, Gordon, for your suggestions and advice. I changed the passwords the same
day, and was monitoring my system very closely. I also use a non-standard
port for SSH, and also plan to move my SIP port to a non-standard one too in
future. At this time things are ok, but I know that this problem is growing
very fast, and hackers are after VoIP servers because they can do so much
with them. I had to present a seminar a few weeks ago on VoIP Security
Threats, and while doing my own research, I was shocked to know how hackers
are misusing VoIP technology. We definitely need to come up with some really
good and effective solutions against these threats.

-- 
Zeeshan A Zakaria

On Tue, Mar 24, 2009 at 2:01 PM, Roderick A. Anderson <raanders at cyber-office.net> wrote:

>
>
> Wilton Helm wrote:
> > If life were only that simple.  A lot of hacking passes through
> > unsuspecting intermediary computers, precisely to hide their tracks, not
> > to mention IP spoofing.  People have offered for sale access to 10,000
> > computers to use for propagating mischief.  That's a lot of IPs to block!
> >
> > I got hacked about six months ago.  They came in through SSH and figured
> > out root's password, which was a concatenation of two English words.  I
> > presume they did a dictionary search.
>
> I used to get hit very hard with this type of attack (hundreds to
> thousands per day) on 25-30 servers until I added some iptables rules to
> REJECT the offending IP for 5 minutes after three unsuccessful attempts
> in 60 seconds.  The attacks typically have dropped to less than five per
> day.
>
> This means those that need access don't need to make _odd_ changes to
> standard programs' settings and the rules do allow a whitelisting of
> specific IPs.
>
>
> \\||/
> Rod
> --
> > Then they changed the password,
> > replaced some key files and launched a denial of service attack against
> > somebody (including compiling the program on my machine)!
> >
> > I traced the IP address to a Comcast customer in Indiana or something
> > and notified Comcast, but haven't heard anything.  Probably their
> > customer never even knew it happened--it was probably a hijacked
> > situation.
> >
> > Prior to that I had been logging hundreds of robotic attacks a day that
> > were unsuccessful!
> >
> > I re-installed everything and changed my SSH to a non-standard port and
> > used a more robust password.  I haven't had a single hack attempt the
> > four months since.  For my purposes, I don't really need SSH on a
> > standard port.  That made all the difference in the world.
> >
> > Two areas that have had large hacker presences in the past:  Russia and
> > China.  A lot of E-Mail spam originates in those two areas, also.  I've
> > considered blocking the entire host domain for any provider generating
> > spam from those regions, as I have no legitimate business need to
> > correspond with people in those regions in general.  However, I suspect
> > it might block messages from a few users on this list, and I know it
> > would block at least one user from another list I am on.
> >
> > Wilton
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
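Added example, not part of the original messages and not the poster's actual rules: one way to express the quoted policy (REJECT a source for 5 minutes after three attempts in 60 seconds, with a whitelist) using the iptables `recent` match. The chain names, list names, port argument and the whitelisted address are assumptions. iptables sees connections rather than login failures, so new TCP connections to the SSH port stand in for "unsuccessful attempts".

```sh
#!/bin/sh
# Emit an iptables-restore fragment that throttles new SSH connections.
# Load with "iptables-restore --noflush" so existing rules are kept; the
# INPUT rule is appended, so an earlier ACCEPT for the port would bypass it.

ssh_throttle_rules() {
    port=$1; shift    # SSH port; remaining arguments are whitelisted IPs/CIDRs
    echo "*filter"
    echo ":SSH_THROTTLE - [0:0]"
    echo ":SSH_BAN - [0:0]"
    # Only NEW connections to the SSH port enter the throttle chain.
    echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSH_THROTTLE"
    # Whitelisted sources return early and are never counted or banned.
    for ip in "$@"; do
        echo "-A SSH_THROTTLE -s $ip -j ACCEPT"
    done
    # Source was placed on the ban list less than 300 s ago: keep rejecting.
    # --rcheck does not refresh the timestamp, so the ban ends after 5 minutes.
    echo "-A SSH_THROTTLE -m recent --name ssh_ban --rcheck --seconds 300 -j REJECT"
    # Record this attempt (a rule with no target only updates the list).
    echo "-A SSH_THROTTLE -m recent --name ssh_seen --set"
    # Three attempts in 60 s are allowed; the fourth puts the source on the ban list.
    echo "-A SSH_THROTTLE -m recent --name ssh_seen --rcheck --seconds 60 --hitcount 4 -j SSH_BAN"
    echo "-A SSH_THROTTLE -j ACCEPT"
    echo "-A SSH_BAN -m recent --name ssh_ban --set"
    echo "-A SSH_BAN -j REJECT"
    echo "COMMIT"
}

# Constructed sample: port 22, one whitelisted address from the
# documentation range 192.0.2.0/24.
ssh_throttle_rules 22 192.0.2.10
```

Because the counter tracks connections, a legitimate user who opens more than three sessions within a minute is also rejected unless their address is whitelisted.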