asterisk users - Oct 2009 - app_hackblock to prevent SIP/IAX reg trolling

Has anyone written an app that monitors SIP/IAX registration attempts?  A
couple of clients are being flooded with SIP registrations (but the source
IP changes every few hours so IPtables won't do)..
 
I would think that any attempt to reg 5 times with a bad password should
cause a 5 minute timeout until reg is considered again.  Has anyone written
such an app?  The name app_hackblock is my contribution to the project :)
 
MD
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20091002/430ce298/attachment.htm

Michelle Dupuis wrote:
> Has anyone written an app that monitors SIP/IAX registration 
> attempts?  A couple of clients are being flooded with SIP 
> registrations (but the source IP changes every few hours so IPtables 
> won't do)..
>  
> I would think that any attempt to reg 5 times with a bad password 
> should cause a 5 minute timeout until reg is considered again.  Has 
> anyone written such an app?  The name app_hackblock is my contribution 
> to the project :)
You may want to take a look at this:

http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk

Doug

-- 
 
Ben Franklin quote:

"Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety."

Couple of old posts:
http://lists.digium.com/pipermail/asterisk-users/2007-April/186195.html
http://lists.digium.com/pipermail/asterisk-users/2009-March/229479.html
http://lists.digium.com/pipermail/asterisk-users/2007-April/186456.html


On Fri, Oct 2, 2009 at 2:42 PM, Michelle Dupuis <support at ocg.ca>
wrote:
> Has anyone written an app that monitors SIP/IAX registration attempts?  A
> couple of clients are being flooded with SIP registrations (but the source
> IP changes every few hours so IPtables won't do)..
>
> I would think that any attempt to reg 5 times with a bad password should
> cause a 5 minute timeout until reg is considered again.  Has anyone written
> such an app?  The name app_hackblock is my contribution to the project :)
>
> MD
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>

On 14:42, Fri 02 Oct 09, Michelle Dupuis wrote:
> Has anyone written an app that monitors SIP/IAX registration attempts?  A
> couple of clients are being flooded with SIP registrations (but the source
> IP changes every few hours so IPtables won't do)..
>  
> I would think that any attempt to reg 5 times with a bad password should
> cause a 5 minute timeout until reg is considered again.  Has anyone written
> such an app?  The name app_hackblock is my contribution to the project :)
Right now, there's no such thing in asterisk.
fail2ban comes to mind to read the logs and automagically create
iptables/pf rules.

There has been a lot of discussion and brainstorming about this type of
things during astricon 2008. Maybe a google search will get you some
slides/ideas.

As far as I know, no code has been written yet.
-- 

Michiel van Baak
michiel at vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called
users?"