Displaying 20 results from an estimated 10000 matches similar to: "SIP Blacklisting"
2014 Jun 17
3
RFE: dnsbl-support for dovecot
after having my own dnsbl feeded by a honeypot and even
mod_security supports it for webservers i think dovecot
sould support the same to prevent dictionary attacks from
known bad hosts, in our case that blacklist is 100%
trustable and blocks before SMTP-Auth while normal RBL's
are after SASL
i admit that i am not a C/C++-programmer, but i think
doing the DNS request and in case it has a
2010 Aug 18
3
Playing with sipvicious ..
... using it as a tool and understanding what it does...
So one part of it's toolset identifys valid SIP accounts - and I was under
the impression that alwaysauthreject=yes was supposed to stop this...
However, it sends a request for a highly probably non-existent account,
then sends requests for probably existing accounts and I guess compares
the results - account not found vs. bad
2015 Mar 04
4
IP drop list
On 03/03/2015 11:03 PM, Earl Killian wrote:
> On 2015/3/2 10:03, Reindl Harald wrote:
>>
>> that is all nice
>>
>> but the main benefit of RBL's is always ignored:
>>
>> * centralized
>> * no log parsing at all
>> * honeypot data are "delivered" to any host
>> * it's cheap
>> * it's easy to maintain
>> * it
2013 Jan 02
8
Auto ban IP addresses
Greetings all,
I have been seeing a lot of
[Jan 2 16:36:31] NOTICE[7519]: chan_sip.c:23149 handle_request_invite:
Sending fake auth rejection for device
100<sip:100 at 108.161.145.18>;tag=2e921697
in my logs lately. Is there a way to automatically ban IP address from
attackers within asterisk ?
Thank you
2015 Mar 02
6
IP drop list
Am 02.03.2015 um 18:56 schrieb Robert Schetterer:
> perhaps and i mean really "perhaps" go this way
>
> https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
>
> https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/
>
> 45K+ IPs will work in a recent table
> i have them too but for smtp only like
>
>
2010 Apr 12
2
Being attacked by an Amazon EC2
>>> Perhaps if there was a Asterisk RBL we could all contribute to; for
>>> which we could then hook into and drop any connection where a
>>> source IP is listed ? -- Thanks, Phil
>>>
>>
>> I love the idea of a RBL... count me in for contributing.
>>
>> Especially considering the ridiculous response I received from
>> Amazon.
2017 Mar 28
2
SipVicious scans getting through iptables firewall - but how?
My firewall and asterisk pjsip config only has "permit" options for my
ITSP's (SIP trunk) IPs.
Here's the script that sets it up.
--------------------------------------------------
#!/bin/bash
EXIF="eth0"
/sbin/iptables --flush
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m
2008 Jun 12
2
Request for added functionality - tracking and blocking attacks
Somebody please forward this, if this is not an appropiate place
to ask the OpenSSH developers for a new feature.
As many of us have seen, any sshd left open on the internet eventually
becomes the target of password guessing attacks. I am aware of
tools for scanning the security logs, and manipulating iptables to
block ongoing attacks, but I am not aware of a way to configure
sshd itself to
2006 Aug 25
2
Auto-blacklisting hosts after too many failed logins
Hi folks,
first of all thanks for Dovecot, I appreciate it a lot.
On one of our servers, we experience regular tries to brute force
logins, probably based on harvested mail addresses. Now I wonder if
dovecot has or could in future have some mechanism to blacklist
remote IP addresses after a configurable number of failures to login
to any account.
Blacklisted IPs could simply be disconnected
2010 Jun 24
2
Friday at 1PM: SIPVicious has a new tool: svcrash
Hi,
Got some great news a few days ago from Sandro Gauci (@SandroGauci)
and we'll be talking about this with him this Friday at 1PM.
SIPVicious, the free security tools for SIP scanning, now include a
new tool: svcrash. It is aimed at helping system administrators stop
bandwidth consuming scans making
use of svwar and svcrack. Here is the announcement on SIPViscious blog:
2010 Mar 12
3
how to monitor,or be notified of email blacklisting ?
Hi,
Does anyone know how I can monitor our server's for blacklisting? We
run a large amount of shared hosting & reseller hosting servers and
from time to time one of the IP's will get blacklisted. I'm looking
for a way to be notified if any of our IP's get blacklisted. Is this
possible?
--
Kind Regards
Rudi Ahlers
SoftDux
Website: http://www.SoftDux.com
Technical Blog:
2004 Oct 24
5
Automatic blacklisting.
Hi,
Is there any way to automatically block all traffic from IP''s that try
more than X number of blocked ports for a preset amount of time?
The log I get every morning seems to be getting bigger and bigger with
port scans and attempts to access various services, it would be nice if
these IP''s could be automatically blocked for like a week or two..
I wouldn''t want
2015 Mar 02
6
IP drop list
Dave McGuire writes:
>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>>
>> then setup fail2ban to manage extrafields
>
> Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect yor firewall to handle 45K+ IPs, I'm not how you
expect dovecot will handle a comma separated string with 45K+ entries
any
2004 Dec 14
5
Dynamic blacklisting
Does anyone know of a script that can act as a
"helper" for Shorewall''s dynamic blacklist
capabilities?
Briefly said, I''d like to know if someone already
wrote a script/program that, e.g., parses log files
(/var/log/messages, etc) and picks up for example all
IP addresses that failed SSH login more than X times
and then executes a command such as
shorewall drop
2019 Apr 12
1
Mail account brute force / harassment
On Fri, 12 Apr 2019, mj wrote:
> What we do is: use https://github.com/trick77/ipset-blacklist to block IPs
> (from various existing blacklists) at the iptables level using an ipset.
"www.blocklist.de" is a nifty source. Could you suggest other publically
available blacklists?
> That way, the known bad IPs never even talk to dovecot, but are dropped
> immediately. We
2017 Jun 28
10
ransomware etc
Hi all,
Just out of curiosity: is there anything we can do, on the samba side,
to counter the recent ransomware attacks? (or limit the damage done)
I'm thinking like: limit the number of files per second a client
(workstation) is allowed to edit, or some other smart tricks..?
It would be nice if samba could be an extra layer of defense.
Something perhaps a vfs module could help with..?
2000 Aug 21
4
[OT but please read] ORBS blacklisting ns1.samba.org
Some lists and emails are distributed via ns1.samba.org. For those of
you that use ORBS, you'll find it is blacklisted now. There is no
mention of it on the website and it doesn't return a positive when you
enter it for testing but it has slipped into the ORBS blacklist
somewhere.
Samba.org admins may wish to force all ns1 outbound email via another
netblock, bringing it up to ORBS only
2017 Nov 15
4
How to blacklist a device driver (sysemd)
Hi,
how can a specific device driver in CentOS 7 be blacklisted, so that it
doesn't load at boot time? We have Infiniband adapters which are not
completely supported by CentOS and we want to silence the error messages
for the time being.
I tried with the files
/etc/modprobe.d/blacklist
/etc/modprobe.d/blacklist.conf
and with entries
mlx5_core
mlx5_ib
blacklist
2016 Sep 21
1
ipset and blacklisting
-------- Original Message --------
Subject: Re: [CentOS] ipset and blacklisting
From: "Albert McCann" <mac358 at newsguy.com>
Date: Wed, September 21, 2016 5:34 am
To: "'CentOS mailing list'" <centos at centos.org>
How are you saving and reloading the ipsets over a reboot?
> -----Original Message-----
> From: centos-bounces at centos.org
2019 Apr 12
2
Mail account brute force / harassment
On 12/04/2019 08:42, Aki Tuomi via dovecot wrote:
> On 12.4.2019 10.34, James via dovecot wrote:
>> On 12/04/2019 08:24, Aki Tuomi via dovecot wrote:
>>
>>> Weakforced uses Lua so you can easily integrate DNSBL support into it.
>> How does this help Dovecot block?
>> A link to some documentation or example perhaps?
>>
>>
>