[App_rpt-users] SIP bots, hack attempts?

Randy Hammock rhammock.hur at gmail.com
Tue May 22 18:36:03 UTC 2012


Try this link: http://freecode.com/projects/iptables-country-block There
are sites that discuss using these scripts.

On Tue, May 22, 2012 at 10:32 AM, Don Hackler <donh at sigma.net> wrote:

> I'm using fail2ban as well.  What utility do you use to block entire
> countries?  I have a herd of asterisk servers that could use this.
>
>
> On May 22, 2012, at 10:24 AM, Randy Hammock wrote:
>
> I don't run SIP on my Allstar node; however, I do have an Asterisk PBX
> that does run SIP. I took a two-pronged approach. I use fail2ban to
> lock out SIP bots that try to connect. I run another utility that is used to
> block entire countries. Both utilities use iptables to perform the blocking,
> which uses as few resources as possible. I occasionally analyze my log files
> to see where major attempts come from and adjust the blocks from there. I
> would like to block everything but allow just the locations desired;
> however, the allowed locations are all on ISP DHCP addresses. The above have
> greatly reduced the amount of bogus traffic on the server.
>
> On Sun, May 20, 2012 at 8:43 PM, George Csahanin <george at dyb.com> wrote:
>
>> Well, glad to know it isn't just me. And how many milliseconds did this
>> all take? That's what always amazes me. How quickly the logins come, five
>> to ten a second.
>>
>> GeorgeC
>> W2DB
>> 2360/2428/28599
>>
>>
>> ----- Original Message -----
>> *From:* Tony Youngblood <k5try73 at gmail.com>
>> *To:* app_rpt-users at ohnosec.org
>> *Sent:* Sunday, May 20, 2012 9:13 PM
>> *Subject:* [App_rpt-users] SIP bots, hack attempts?
>>
>> Interesting discussion I had about SIP hacks, so I checked my log.
>> Any details, advice, insight?
>>
>> file is 71,073,169 big!
>>
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fu-min"<sip:fu-min at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fu-tze"<sip:fu-tze at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fu-yeung"<sip:fu-yeung at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fugwo"<sip:fugwo at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuarnibol"<sip:fuarnibol at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuat"<sip:fuat at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fubler"<sip:fubler at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuccellaro"<sip:fuccellaro at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuchsberger"<sip:fuchsberger at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fuck-me-over-some-more"<sip:fuck-me-over-some-more at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fucktool"<sip:fucktool at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fudd"<sip:fudd at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fude"<sip:fude at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fudenberg"<sip:fudenberg at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>> [Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from '"fudge"<sip:fudge at 108.238.216.11>' failed for '95.211.167.69' - No matching peer found
>>
>> ;(;)
>> AllStar 28384
>> Irlp 7998 / 7766 / 7926
>> Echo 563329
>> :(:)
>>
>>
>>
>> On May 19, 2012, at 11:00 AM, app_rpt-users-request at ohnosec.org wrote:
>>
>> Today's Topics:
>>
>>   1. adding extensions to acid  all-star repeater (Bradley Haney)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Sat, 19 May 2012 09:19:32 -0500
>> From: Bradley Haney <kc9gqr at gmail.com>
>> To: app_rpt-users at ohnosec.org
>> Subject: [App_rpt-users] adding extensions to acid  all-star repeater
>> Message-ID: <E3E3A42F-65BD-4B2E-BE21-67654048A29C at gmail.com>
>> Content-Type: text/plain; charset=us-ascii
>>
>> Hello all..
>>
>> Been looking through the old forums and trying to get a handle on how to
>> add SIP extensions to my all-star box. We are currently running acid
>> distro on our repeater and using the allstarlink auto patch service. I
>> would like to be able to add a few SIP extensions so when I am on my cell
>> phone I can connect to the repeater and listen or dial my wife, who is a
>> ham, on a different extension and ring her phone. The extensions do not
>> have to have "outside access" for the auto patch as the extensions would
>> be used for internal communication to and from the repeater or to and from
>> other extensions I add. Example: extension 123 (which would be a SIP
>> client) be able to dial 28079, which is the repeater, or a person on the
>> repeater be able to dial extension 123 and have the SIP client ring. I
>> have a static IP address so I know that won't be a problem, just a little
>> confused on how to add everything in the config files. Does anyone by
>> chance have a good working example they could share? I would try the
>> other distro but everyone likes the web trans idea instead of using
>> echo link :)
>>
>> Thanks for any help I could get..
>>
>> Bradley
>> allstar node 28079
>>
>> ------------------------------
>>
>> _______________________________________________
>> App_rpt-users mailing list
>> App_rpt-users at ohnosec.org
>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>
>>
>> End of App_rpt-users Digest, Vol 39, Issue 22
>> *********************************************
>>
>>
>>
>
>
> --
> Randy Hammock
> Phone: 818-925-4576
>
>
>


-- 
Randy Hammock
Phone: 818-925-4576
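
The log review and fail2ban-style lockout discussed in this thread, as an added example that is not part of the original messages and is not fail2ban's own code: it counts chan_sip registration failures per source address inside a sliding window. The names `max_retry` and `find_time`, the `year` argument and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Failure line format as quoted in the thread. The From header is chosen by
# the sender, so the pattern is anchored and the first group is greedy: the
# address is always taken from the last "failed for" field that Asterisk wrote.
FAIL_RE = re.compile(
    r"^\[(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<frm>.*)' failed for '(?P<ip>[0-9A-Fa-f.:]+)' - .+$")
USER_RE = re.compile(r"sip:([^@>\s]+)")

def parse_failures(lines, year):
    """Yield (timestamp, source_ip, attempted_user) for each failure line."""
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if m is None:
            continue
        # The log omits the year, so the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user = USER_RE.search(m["frm"])
        yield ts, m["ip"], user.group(1) if user else ""

def find_offenders(lines, year, max_retry=5, find_time=timedelta(minutes=10)):
    """Map each source with max_retry failures inside any find_time window
    to its total failure count and number of distinct usernames tried."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(lines, year):
        by_ip[ip].append((ts, user))
    offenders = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > find_time:
                start += 1
            if end - start + 1 >= max_retry:
                offenders[ip] = {"failures": len(events),
                                 "users": len({u for _, u in events})}
                break
    return offenders

# Constructed sample (documentation addresses), not taken from the thread.
_T = "[Mar  6 23:59:41] NOTICE[1694] chan_sip.c: Registration from "
_END = " - No matching peer found"
SAMPLE = [f"{_T}'\"u{i}\"<sip:u{i}@192.0.2.1>' failed for '203.0.113.7'{_END}"
          for i in range(6)]
SAMPLE.append(f"{_T}'\"bob\"<sip:bob@192.0.2.1>' failed for '198.51.100.20'{_END}")
SAMPLE.append(f"{_T}'\"x' failed for '198.51.100.20'{_END}\"<sip:x@192.0.2.1>'"
              f" failed for '203.0.113.7'{_END}")
```

The last sample line carries a second "failed for" field inside the sender-controlled From header; the parser still attributes it to the address Asterisk recorded at the end of the line.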