Michelle Dupuis
2009-Oct-02 18:42 UTC
[asterisk-users] app_hackblock to prevent SIP/IAX reg trolling
Has anyone written an app that monitors SIP/IAX registration attempts? A couple of clients are being flooded with SIP registrations (but the source IP changes every few hours so IPtables won't do).. I would think that any attempt to reg 5 times with a bad password should cause a 5 minute timeout until reg is considered again. Has anyone written such an app? The name app_hackblock is my contribution to the project :) MD -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20091002/430ce298/attachment.htm
Doug Lytle
2009-Oct-02 18:51 UTC
[asterisk-users] app_hackblock to prevent SIP/IAX reg trolling
Michelle Dupuis wrote:> Has anyone written an app that monitors SIP/IAX registration > attempts? A couple of clients are being flooded with SIP > registrations (but the source IP changes every few hours so IPtables > won't do).. > > I would think that any attempt to reg 5 times with a bad password > should cause a 5 minute timeout until reg is considered again. Has > anyone written such an app? The name app_hackblock is my contribution > to the project :)You may want to take a look at this: http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk Doug -- Ben Franklin quote: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
Couple of old posts: http://lists.digium.com/pipermail/asterisk-users/2007-April/186195.html http://lists.digium.com/pipermail/asterisk-users/2009-March/229479.html http://lists.digium.com/pipermail/asterisk-users/2007-April/186456.html On Fri, Oct 2, 2009 at 2:42 PM, Michelle Dupuis <support at ocg.ca> wrote:> Has anyone written an app that monitors SIP/IAX registration attempts? A > couple of clients are being flooded with SIP registrations (but the source > IP changes every few hours so IPtables won't do).. > > I would think that any attempt to reg 5 times with a bad password should > cause a 5 minute timeout until reg is considered again. Has anyone written > such an app? The name app_hackblock is my contribution to the project :) > > MD > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > AstriCon 2009 - October 13 - 15 Phoenix, Arizona > Register Now: http://www.astricon.net > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
Michiel van Baak
2009-Oct-03 07:30 UTC
[asterisk-users] app_hackblock to prevent SIP/IAX reg trolling
On 14:42, Fri 02 Oct 09, Michelle Dupuis wrote:> Has anyone written an app that monitors SIP/IAX registration attempts? A > couple of clients are being flooded with SIP registrations (but the source > IP changes every few hours so IPtables won't do).. > > I would think that any attempt to reg 5 times with a bad password should > cause a 5 minute timeout until reg is considered again. Has anyone written > such an app? The name app_hackblock is my contribution to the project :)Right now, there's no such thing in asterisk. fail2ban comes to mind to read the logs and automagically create iptables/pf rules. There has been a lot of discussion and brainstorming about this type of things during astricon 2008. Maybe a google search will get you some slides/ideas. As far as I know, no code has been written yet. -- Michiel van Baak michiel at vanbaak.eu http://michiel.vanbaak.eu GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD "Why is it drug addicts and computer aficionados are both called users?"