One trick you can do is to accept all calls into the dial plan and then do IP
lookups and call pattern checks to determine if the call is good to go past your
sidewalk code. You need to make sure this code is very efficient so that you
can lock out bogus callers and attackers. If you use this in conjunction with
something like fail2ban or some kind of auto firewall scripts, you can then trap
CDRs at a level before you do a full block. You can also do some tarpit
style handling to slow down hackers as well.

A second approach is to inject good registered peers into your valid sections of
dialplan and do a general catch-all context that will accept from anyone, even
non-registered, but goes nowhere. You can stick your fail2ban here as well. You
can create logging and tarpitting. Set up bogus calls to audio files that will
confuse the crap out of the hackers so they think they have good routes, and you
can gather stats on where and what kind of attacks are coming at you. If you
control their entry point you can better control the load on your network until
you can ban them off.

There are lots of possibilities if you think outside the box.

Bryant Zimmerman
----------------------------------------
From: "Danny Nicholas" <danny at debsinc.com>
Sent: Friday, August 24, 2012 9:16 AM
To: "Asterisk Users Mailing List - Non-Commercial Discussion"
<asterisk-users at lists.digium.com>
Subject: Re: [asterisk-users] Log faulty calls?
Actually, you could look for WARNING or ERROR and probably find what you
needed.

From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Stefan at WPF
Sent: Friday, August 24, 2012 8:14 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Log faulty calls?

Thank you Danny, but the problem is that I don't know what exactly I shall
look for. I think there's no specific word in the log that clearly identifies
this kind of problem? ):

2012/8/24 Danny Nicholas <danny at debsinc.com>

Not the best solution, but you could do a "quick and dirty" crawler to query
/var/log/asterisk/full in PHP or PERL or your language of choice. Even in a
4K-5K calls per day environment this process usually takes less than 1 minute to
run.

From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Stefan at WPF
Sent: Friday, August 24, 2012 7:43 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] Log faulty calls?

If somebody is calling me using a wrong configured SIP phone, he gets back an
error message from my Asterisk server. That's ok, however I'd also like to know
that I missed a call. However there's no CDR entry created in that case and
checking the asterisk logs manually is not that great... Any way to get CDR
records (or any other way of noticing it) even if a call gets declined through
to a wrong configured sip phone?

Thanks and best regards
Stefan
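
A sketch of the "quick and dirty" log crawler suggested in the thread above, in Python, as an added example that is not code from any of the posters. The sample lines, the assumed layout of /var/log/asterisk/full, and the choice to include NOTICE (where chan_sip typically reports rejected calls and failed registrations) are assumptions to adjust for the local Asterisk version.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of /var/log/asterisk/full; the exact
# layout and message wording vary by Asterisk version (assumption).
SAMPLE_LOG = """\
[Aug 24 07:43:01] NOTICE[2301] chan_sip.c: Call from '' (198.51.100.7:5060) to extension '1000' rejected because extension not found in context 'default'.
[Aug 24 07:43:09] VERBOSE[2301] pbx.c:     -- Executing [100@internal:1] Dial("SIP/100-0000001a", "SIP/101")
[Aug 24 07:44:12] NOTICE[2301] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5:5071' - Wrong password
[Aug 24 07:44:13] NOTICE[2301] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.5:5071' - Wrong password
[Aug 24 07:45:00] WARNING[2310] chan_sip.c: Retransmission timeout reached on transmission abc123 for seqno 1
[Aug 24 07:46:30] ERROR[2311] res_config.c: Unable to load config file
"""

# "[timestamp] LEVEL[thread-id]" followed by the rest of the line.
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>[A-Z]+)\[\d+\]\S*\s+(?P<msg>.*)$")
# Remote address as chan_sip prints it: "failed for 'IP" or "(IP:port)".
# Anchoring on these prefixes avoids picking up our own address from the SIP URI.
SOURCE_RE = re.compile(r"(?:failed for '|\()((?:\d{1,3}\.){3}\d{1,3})")


def crawl(lines, levels=("NOTICE", "WARNING", "ERROR")):
    """Group log lines at the given levels by remote IP ('unknown' if none)."""
    by_source = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("level") not in levels:
            continue
        src = SOURCE_RE.search(m.group("msg"))
        key = src.group(1) if src else "unknown"
        by_source[key].append((m.group("ts"), m.group("level"), m.group("msg")))
    return dict(by_source)


def report(by_source):
    """Return (source, event_count) pairs, busiest source first."""
    return sorted(((ip, len(ev)) for ip, ev in by_source.items()),
                  key=lambda row: -row[1])


if __name__ == "__main__":
    # On a real system, pass open("/var/log/asterisk/full") instead.
    found = crawl(SAMPLE_LOG.splitlines())
    for ip, count in report(found):
        print(f"{ip:15} {count} event(s)")
        for ts, level, msg in found[ip]:
            print(f"    {ts} {level} {msg}")
```

A source with a single rejected call is more likely a misconfigured phone and a missed call; a source with repeated registration failures is a candidate for the fail2ban handling described at the top of the thread.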