mattlandis Posted June 8, 2010 Report Posted June 8, 2010 I'm curious if there is a web based service that listed IP addresses blacklisted for SIP hacking attempts? It would be great if we could auto-submit and have our pbx be auto updated with others. Or am I out on a limb? Matt Quote
jlumby Posted June 9, 2010 Report Posted June 9, 2010 I have not heard of one, however it would be a great idea, just like the blacklists that you can query on your email server Quote
Vodia PBX Posted June 9, 2010 Report Posted June 9, 2010 Looking at IPv6, not sure how realistic that is in the world of plenty IP addresses. Quote
mattlandis Posted June 9, 2010 Author Report Posted June 9, 2010 the alternative appears to be each pbx admin creating a list on their own. why not share the data? ;-) i have to agree there are endless sources of attacks though. I alone have endless sources...! ;-) #1-is there any mechanism to import a list of IPs to black list into pbxnisp? #2-is there a simple way to block a specific country? Matt Quote
Vodia PBX Posted June 9, 2010 Report Posted June 9, 2010 the alternative appears to be each pbx admin creating a list on their own.why not share the data? ;-) The PBX is pretty quick blacklisting someone. After something like 10 attempts the address is already blacklisted and the damage is limited. If you want, you can forward the email about the blacklisting event to a clearing house. However, I believe it makes most sense to feed the firewall with these addresses, so that the PBX does not receive any traffic at all. Anyway, I believe the solution we have right now in version 4 is pretty okay and customers can run the system without worrying about someone taking the system down with a simple robot script. Quote
mattlandis Posted June 10, 2010 Author Report Posted June 10, 2010 yeah, i was thinking how that the firewall might be involved. matt Quote
jlumby Posted June 11, 2010 Report Posted June 11, 2010 While there may not be a simple way to block a specific country, for my version 3 installs, I went to http://www.arin.net to figure out the American networks, permitted them, and wrote a rule to block everything else at the firewall. The list is not that bad since they can be summarized into 8 bit masks. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.