[asterisk-users] FW: Under heavy attack

dotnetdub dotnetdub at gmail.com
Mon Nov 1 17:27:30 CDT 2010


On 1 November 2010 21:20, Steve Edwards <asterisk.org at sedwards.com> wrote:

> On Mon, 1 Nov 2010, Cary Fitch wrote:
>
> > Any small system should:
> >
> > Use IPTABLES and block any parts of the world you don't need access
> > to/from. Start with any Class A address that is probing your system.
> >
> > Make your SIP IDs 8-12 characters in length, and use at least alpha &
> > numerical characters, some special characters if you like a little more
> > variety.
> >
> > bear3579
> > b3e5a7r9
> > Bear3579
> > La3579ke
> >
> > Or more.
> >
> > Do the same for passwords.
> >
> > 6543office
> > 7659home
>
> How about:
>
>        echo cary+<salt> | sha1sum
>
> where <salt> is something only you know.
>
> > And when you see an attack if it isn't from a network on your planet,
> > put the whole network in IPTABLES.
> >
> > (And get the world country delegations for IP addresses and block all
> > "not on your planet.")
>
> (Ever do something you think may get you 'roasted'? I'm getting that
> feeling right now...)
>
> I've just created a "resource" on voip-info.org that contains all of the
> allocated class A IP address blocks by Regional Internet Registry in
> 'iptables' format. Please don't apply this list in its entirety without
> understanding that you will be blocking a LOT of potential [ab]users.
>
> http://www.voip-info.org/wiki/view/allocated-class-a-ip-address-blocks
>
> So you can 'pick and choose' which parts of the world you want to
> communicate with.
>
> It's a pretty broad brush and I'm sure it could use some refinement and
> correction, but attempts on my client's systems have just about
> evaporated.
>
> --
>
>
I know there was talk on VUC recently about some kind of realtime RBL for
SIP. Has anything progressed?

It would be SO easy for Asterisk users to contribute to a blacklist and also
do a lookup in realtime to see if an IP has been blacklisted.
A little bit of joined up thinking in the community could eliminate this
issue. Would also be another major + for Asterisk as a platform.

Regards
Brian
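
The /8 blocking discussed in this thread, as an added example that is not from any of the posters: a shell function that prints iptables rules dropping SIP signalling from chosen /8 blocks, with trusted peers exempted first so that a broad block does not cut off a provider or remote office. The chain name SIPFILTER, the default SIP port (UDP 5060) and all addresses are assumptions or constructed sample values.

```shell
#!/bin/sh
# Added example: print iptables rules that drop SIP signalling from chosen
# /8 blocks, exempting trusted peers first. Nothing is applied to the firewall.
SIP_PORT=5060     # assumption: Asterisk listens on the default SIP port (UDP)
CHAIN=SIPFILTER   # hypothetical chain name

# True for a dotted quad with each octet 0-255 and no leading zeros
# (some parsers read a leading zero as octal).
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# gen_sip_rules "TRUSTED_IPS" "FIRST_OCTETS"  (both space-separated lists)
# Output is built in full before printing, so bad input yields no partial rules.
gen_sip_rules() {
    rules="iptables -N $CHAIN"
    for ip in $1; do
        valid_ipv4 "$ip" || { echo "bad peer address: $ip" >&2; return 1; }
        # RETURN hands the packet back to INPUT, skipping the DROP rules below.
        rules="$rules
iptables -A $CHAIN -s $ip -j RETURN"
    done
    for octet in $2; do
        # Refuse 0/8, loopback, leading zeros, non-numbers, multicast and above.
        case $octet in
            ''|*[!0-9]*|0*|127|????*) echo "bad /8 block: $octet" >&2; return 1 ;;
        esac
        [ "$octet" -le 223 ] || { echo "bad /8 block: $octet" >&2; return 1; }
        rules="$rules
iptables -A $CHAIN -s $octet.0.0.0/8 -j DROP"
    done
    printf '%s\n' "$rules" "iptables -A INPUT -p udp --dport $SIP_PORT -j $CHAIN"
}

# Constructed sample: one trusted trunk (documentation range), two arbitrary /8s.
gen_sip_rules "198.51.100.7" "41 58"
```

Review the printed rules before piping them to a shell as root; only traffic to the SIP port is filtered, so other services from the blocked ranges are unaffected.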