It is extremely dangerous to ban IPs based on suspicious UDP activity. The
source IP of a UDP packet can be easily forged, so if you start using
fail2ban or other blacklist techniques, it can be very awesome to start
sending bogus invites and let you blacklist all major SIP providers...
However, I am using fail2ban on all my servers :-)
Leandro
2011/10/12 Jack Honey Pot <jack at asteriskhoneypot.com>
> Hi All,
>
> I'm not the first to try to start a VOIP blacklist but am currently working on
> a project for the next 12 hours, hopefully I can get it up soon. What I
> intend to do is to work with a few reliable harvesters to gather the logs. A
> simple script to parse them, then extract the list of attackers' IPs, compile
> them and send them out to the list.
>
> If any of you are kind enough to zip and send me a
> /var/log/asterisk/messages that contains hackers' scans & attacks, it will be
> helpful to my research. Do email me at jack at asteriskhoneypot.com . Let me
> know if you are keen to be a harvester as well. Thanks.
>
> Regards,
> Jackster
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
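The log-parsing step described in the quoted message, combined with a guard against the forged-source problem raised in the reply, as an added example that is not code from either poster. The log lines are constructed in the style of chan_sip registration failures, the function name `ban_candidates` is hypothetical, and the trusted network stands in for a SIP provider's range.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of chan_sip NOTICE lines in /var/log/asterisk/messages.
SAMPLE_LOG = """\
[2011-10-12 09:14:01] NOTICE[2204] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.50' - Wrong password
[2011-10-12 09:14:02] NOTICE[2204] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.50' - No matching peer found
[2011-10-12 09:14:03] NOTICE[2204] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.50' - Wrong password
[2011-10-12 09:15:10] NOTICE[2204] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2011-10-12 09:15:11] NOTICE[2204] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2011-10-12 09:15:12] NOTICE[2204] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2011-10-12 09:16:00] NOTICE[2204] chan_sip.c: Registration from '"300" <sip:300@192.0.2.10>' failed for '203.0.113.99' - Wrong password
"""

# IPv4 only; an optional ":port" suffix after the address is tolerated.
FAILED_RE = re.compile(r"Registration from '.*' failed for '([^':]+)(?::\d+)?'")

def ban_candidates(log_text, trusted_networks, threshold=3):
    """Return (ban, suppressed): IPs at or over the threshold, split by allowlist membership."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # captured text is not an IP literal; skip the line
    ban, suppressed = [], []
    for ip, n in sorted(counts.items()):
        if n < threshold:
            continue
        # A forged UDP source can make a provider appear to attack: never auto-ban these.
        (suppressed if any(ip in net for net in trusted) else ban).append(str(ip))
    return ban, suppressed
```

Addresses in the `suppressed` list are the ones to review by hand, since they hit the threshold but belong to a network that must stay reachable.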