No subject
Fri Sep 2 03:59:05 CDT 2011
peat it is extremely dangerous to ban IP based on a suspicious UDP activity=
. The source IP of an UDP packet can be easily forged, so if you start usin=
g fail2ban or other blacklist=A0techniques, it can be very awesome to start=
sending bogus invite and let you blacklist all major SIP providers...<div>
<br></div><div>However I am using fail2ban on all my servers :-)</div><div>=
<br></div><div>Leandro<br><br><div class=3D"gmail_quote">2011/10/12 Jack Ho=
ney Pot <span dir=3D"ltr"><<a href=3D"mailto:jack at asteriskhoneypot.com">=
jack at asteriskhoneypot.com</a>></span><br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex;">Hi All,<br>
<br>
I'm not the first to try to start a VOIP blacklist but currently workin=
g
on a project for the next 12 hours, hopefully I can get it up soon.=20
What I intend to do is to work with a few reliable Harvester to gather=20
the logs. A simple script to parse it then extract the list of attackers
IP, compile them and send them out to the list.<br>
<br>
If=20
any of you are kind enough to zip and send me a=20
/var/log/asterisk/messages that contain hacker's scan & attack, it=
=20
will be helpful to my research. Do email me at <a href=3D"mailto:jack at aster=
iskhoneypot.com" target=3D"_blank">jack at asteriskhoneypot.com</a>
. Let me know if you are keen to be a harvester as well.Thanks.<br>
<br>
Regards,<br>
Jackster
<br>--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href=3D"http://www.api-digital.c=
om" target=3D"_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
=A0 =A0 =A0 =A0 =A0 =A0 =A0 <a href=3D"http://www.asterisk.org/hello" targ=
et=3D"_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
=A0 <a href=3D"http://lists.digium.com/mailman/listinfo/asterisk-users" ta=
rget=3D"_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a>=
<br></blockquote></div><br></div>
--00151774135e33109804af309209--
More information about the asterisk-users
mailing list