[asterisk-users] FW: Under heavy attack
Cary Fitch
caryf at usawide.net
Mon Nov 1 14:55:18 CDT 2010
Here's my take on the attack... Sigh...
http://www.stuartsheldon.org/blog/2010/11/sip-brute-force-attacks-escalate-over-halloween-weekend/
Stu
They were trolling for SIP account IDs, not really trying to register.
It was a coordinated bot or spoofed source attack, not "The Halloween Club"
doing tricks.
Any small system should:
Use IPTABLES and block any parts of the world you don't need access to/from.
Start with any Class A address that is probing your system.
Make your SIP IDs 8-12 characters in length, and use at least alpha &
numerical characters, some special characters if you like a little more
variety.
bear3579
b3e5a7r9
Bear3579
La3579ke
Or more.
Do the same for passwords.
6543office
7659home
Etc.
Are these perfect? No, but they are human friendly, and require the
exploiter to hack a 16 to 24 character combination ID and Password that has
36 or more characters in the character set. Of course some dashes or
periods or commas or others can be added. And when you see an attack, if it
isn't from a network on your planet, put the whole network in IPTABLES.
(And get the world country delegations for IP addresses and block all "not
on your planet.")
$.02
Cary Fitch
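
Added example, not part of the original post and not Asterisk project code: one way to spot the ID trolling described above in a log and turn the offending source networks into iptables rules. It assumes chan_sip-style "Registration from ... failed for ..." NOTICE lines; the sample lines, function names, the /24 default and the three-ID threshold are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the assumed chan_sip NOTICE style; not real traffic.
SAMPLE_LOG = """\
[2010-10-31 02:14:07] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.45' - No matching peer found
[2010-10-31 02:14:07] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.45' - No matching peer found
[2010-10-31 02:14:08] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.99' - No matching peer found
[2010-10-31 02:14:08] NOTICE[2345] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '203.0.113.99' - No matching peer found
[2010-10-31 09:02:51] NOTICE[2345] chan_sip.c: Registration from '"bear3579" <sip:bear3579@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2010-10-31 09:03:10] VERBOSE[2345] logger.c: -- Remote UNIX connection
"""

# Assumed line layout: optional display name, <sip:ID@host>, source IP (optional :port), reason.
FAILED = re.compile(
    r"Registration from '(?:\"[^\"]*\" ?)?<sip:(?P<user>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def summarize(log_text, prefix_len=24):
    """Group failed REGISTERs by source network and record which IDs were tried."""
    nets = defaultdict(lambda: {"ids": set(), "unknown_id": 0, "bad_password": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(f"{m['ip']}/{prefix_len}", strict=False)
        except ValueError:
            continue  # malformed address in the log line
        entry = nets[str(net)]
        entry["ids"].add(m["user"])
        if "No matching peer" in m["reason"]:
            entry["unknown_id"] += 1    # ID does not exist: account enumeration
        elif "Wrong password" in m["reason"]:
            entry["bad_password"] += 1  # ID exists: password guess or user typo
    return dict(nets)

def block_rules(summary, min_ids=3):
    """Return iptables DROP rules for networks that tried many distinct IDs."""
    return [f"iptables -I INPUT -s {net} -j DROP"
            for net in sorted(summary) if len(summary[net]["ids"]) >= min_ids]

if __name__ == "__main__":
    print("\n".join(block_rules(summarize(SAMPLE_LOG))))
```

The rules are only printed, not applied; pass prefix_len=8 to block the whole "Class A" as the post suggests.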