[asterisk-users] one for your filters
Jian Gao
jian.gao at sjgeophysics.com
Wed Jun 23 14:38:23 CDT 2010
Not sure what kind of provision server you have there. But do not use
http as your provision protocol. Use https instead.
Jian
Jeff LaCoursiere wrote:
> On Wed, 23 Jun 2010, Tarek Sawah wrote:
>
>
>> you can start by simply telling us what is the purpose of your server..
>> and does it have long distance or overseas?? do you use Numeric
>> usernames? simple passwords? passwords the same as your username? this
>> way you can offer more info so we can help you. a quick answer will be..
>> opening a few and blocking ALL is easier.. as you can have up to 400
>> prefix to block .. unless you call world wide.. then you will have to
>> block the countries you don't call .. another option.. make your
>> usernames more complex.. letters and numbers.. an additional option is
>> to use fail2ban with Asterisk support.. it will block the IP after the
>> number of attempts you set in the configs. a client of mine wanted
>> simple usernames and passwords to be setup using the keypad on the
>> ipphones.. two months ago they had the same problem you faced.. 400$ to
>> Zimbabwe .. and later on 1200$ to Zimbabwe.. their provider has a
>> limit of 30 minutes per call .. so the caller had to redial.. unless
>> it's automated. still you can provide us with more info. Regards
>> -- Tarek Sawah
>>
>>
>
> Well we run local dial tone service in the US Virgin Islands. So our
> customers are connecting with ATA's, various models of Polycom phones, and
> SIP trunks from a custom PBX we sell to hotels and businesses. They
> connect from dynamic addresses most of the time, so we cannot apply any IP
> based filters to their accounts, though we may be able to restrict them to
> certain IP blocks. I'd rather not, since the upkeep would be quite a
> hassle, and would remove their ability to take their ATAs traveling.
>
> Our SIP usernames are their seven digit phone numbers, which may have been
> a bad choice, but most of the brute force attacks we have witnessed are
> trying combinations of 3 digit extension numbers. I haven't seen anyone
> try a brute force attack with 7 digits. The passwords are seven char
> auto-generated alpha-numeric "gibberish", and it seems rather unlikely to
> me that this account was broken by brute force trial and error. I'm still
> investigating other methods... like perhaps they broke into my server
> first and found the provisioning files. That would be bad.
>
> All of that aside - I know there are various things I can do to tighten up
> our SIP security.
>
> My question was more geared towards what do people do to keep their
> customers or employees from dialing toll numbers worldwide? I cannot
> restrict my customers to calling a set of countries. But I would feel
> justified in blocking toll numbers that I don't have a way of billing
> back. I just don't know where to start to build such a filter list.
> Surely other ITSPs have had to deal with this issue - fraud situations or
> not. The US is easy - all toll numbers start with 1-900 (I think :).
> Other countries are not so straightforward I understand.
>
> Has anyone else tackled this problem?
>
> Thanks,
>
> j
>
>
>
>
--
Jian Gao
IT Technician
SJ Geophysics Ltd. <http://www.sjgeophysics.com>
jian.gao at sjgeophysics.com <mailto:jian.gao at sjgeophysics.com>
Tel: (604)582-1100
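
The "open a few and block all" idea from the quoted messages, sketched as a default-deny, longest-prefix-match check on the dialed number. This is an added example, not code from the thread or from Asterisk; the prefix table is constructed sample data (not a complete premium-rate list), and the NANP dial-string handling and the LOCAL_AREA value are assumptions.

```python
import re

# Constructed sample policy. Prefixes are E.164 digits without "+";
# the longest matching prefix wins, so "1900" overrides "1".
POLICY = {
    "1": "allow",     # NANP destinations
    "1900": "deny",   # 1-900, the US toll prefix named in the thread
    "44": "allow",    # constructed example of a destination customers do call
    "263": "deny",    # Zimbabwe, destination of the fraudulent calls in the thread
}
DEFAULT = "deny"      # unknown prefixes are refused ("open a few, block all")
LOCAL_AREA = "340"    # assumption: 7-digit local dialing inside one area code


def normalize(dialed):
    """Turn a NANP-style dial string into E.164 digits, or None if unparseable.

    Short codes (emergency, service numbers) are out of scope for this sketch.
    """
    digits = re.sub(r"[^\d+]", "", dialed)
    if digits.startswith("+"):
        digits = digits[1:]
    elif digits.startswith("011"):            # NANP international access code
        digits = digits[3:]
    elif len(digits) == 11 and digits.startswith("1"):
        pass                                  # already 1 + ten digits
    elif len(digits) == 10:
        digits = "1" + digits
    elif len(digits) == 7:
        digits = "1" + LOCAL_AREA + digits
    else:
        return None
    return digits if digits.isdigit() and 8 <= len(digits) <= 15 else None


def decide(dialed, policy=POLICY, default=DEFAULT):
    """Return (action, matched_prefix); unparseable input is always denied."""
    number = normalize(dialed)
    if number is None:
        return ("deny", None)
    for length in range(len(number), 0, -1):  # try the longest prefix first
        action = policy.get(number[:length])
        if action:
            return (action, number[:length])
    return (default, None)
```

Normalizing before matching matters: the same destination can be dialed as `011263...`, `+263...` or with punctuation, and a filter that compares raw dial strings misses some of those forms.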