[freeswitch-sec] Fraud

Ashley Breeden ash at url.net.au
Fri Aug 16 19:58:25 MSD 2013


Hi Brian,

I would be interested in the honeypot idea and I think it could work very well. I have always thought a centralised system where trusted organisations could supply data feeds of IPs that have attacked them and fraudulent destinations would be very helpful in reducing the risk associated with having public facing servers.

I am happy to volunteer and help see this one happen (Timezone difference in Australia creates a little problem).  What sort of skills do you think you need for this?

I currently run a series of fail2ban rules over my firewall logs looking for attackers making connections to various SIP ports on networks where there is no SIP server. If someone does scan the wrong IP the fail2ban action would then ban the IP from my network for a week. If myself and others shared these IPs to a central location we should be able to build up a valid list of IPs to block.

I wouldn't say allow everyone to supply data feeds as there is a chance of the wrong addresses being blocked but there would have to be "Trusted" people in the community that could supply reliable data.

Cheers,


Ash.

On 16/08/2013, at 1:46 AM, Brian West <brian at freeswitch.org> wrote:

> Ira,
> 	Yes, this would be a perfect place to do that. I have been thinking that if we could set up some sort of honey pot network and centralized reporting, we could help protect VoIP installs all over the place.
> 
> I'm one person, we would need some volunteers to step up and help build this out.
> 
> --
> Brian West
> brian at freeswitch.org
> FreeSWITCH Solutions, LLC
> PO BOX PO BOX 2531
> Brookfield, WI 53008-2531
> Twitter: @FreeSWITCH_Wire
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
> 
> T: +1.918.420.9001  |  F: +1.918.420.9002  |  M: +1.918.424.WEST
> iNUM: +883 5100 1420 9001
> ISN: 410*543
> Skype:briankwest
> PGP Key: http://www.bkw.org/key.txt (AB93356707C76CED)
> 
> On Aug 15, 2013, at 10:40 AM, Ira Tessler <ira at connectmevoice.com> wrote:
> 
>> Could we also add fraud to the discussion? In particular, international
>> call fraud and ways to prevent this.
>> 
>> Ira Tessler
>> Lead Software Engineer
>> ConnectMe
>> (732) 490-9007 x2
>> ira at connectmevoice.com
>> 
>> 
>> -----Original Message-----
>> From: freeswitch-sec-bounces at tron.freeswitch.org
>> [mailto:freeswitch-sec-bounces at tron.freeswitch.org] On Behalf Of Brian
>> West
>> Sent: Thursday, August 15, 2013 10:52 AM
>> To: freeswitch-sec at lists.freeswitch.org
>> Subject: Re: [freeswitch-sec] Welcome!
>> 
>> Security Conscious FreeSWITCH Users,
>> 
>> 	This during our Friday FFA call, we could tag team some bullet
>> points on what we hope to accomplish in the security arena with
>> FreeSWITCH:
>> 
>> 1. Process Security: buffer overflows and code review
>> 2. Install Security: Running as Non-Root, SE Linux possibly
>> 3. Voice and Signaling encryption
>> 4. SRTP/ZRTP/DTLS docs, how each can be used.
>> 5. Review TLS docs, guidelines and setup instructions.
>> 6. Recommended steps for a secure deployment.
>> 7. Compatible phones for secure operations
>> 
>> Please comment, toss in your two cents, I want to get a serious discussion
>> started on this list!
>> 
>> What I don't want is 'CRICKETS', let's get this party started...
>> 
>> Thanks,
>> --
>> Brian West
>> 
>> On Aug 14, 2013, at 1:36 PM, Brian West <brian at freeswitch.org> wrote:
>> 
>>> Welcome everyone,
>>> 
>>> 	It's time to start the discussion.  Who wants to take the lead and start a wiki page to guide our discussion topics?
>>> --
>>> Brian West
>>> _______________________________________________
>>> freeswitch-sec mailing list
>>> freeswitch-sec at tron.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-sec
>> 
>> _______________________________________________
>> freeswitch-sec mailing list
>> freeswitch-sec at tron.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-sec
> 
> _______________________________________________
> freeswitch-sec mailing list
> freeswitch-sec at tron.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-sec
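
The scheme described at the top of this message, as an added sketch that is not part of the original email or anyone's production rules: it pulls sources that probed SIP ports on addresses with no SIP server out of firewall log lines, then merges reports from trusted contributors into a shared blocklist. The log format, the reporter names and the two-reporter quorum are assumptions; only the one-week lifetime comes from the post.

```python
import re
from datetime import datetime, timedelta

SIP_PORTS = {5060, 5061}
BAN_TTL = timedelta(weeks=1)  # the one-week ban mentioned in the post

# Constructed firewall log lines (iptables LOG style, documentation-range IPs).
SAMPLE_LOG = """\
Aug 16 10:00:01 fw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=UDP SPT=5071 DPT=5060
Aug 16 10:00:02 fw kernel: IN=eth0 SRC=198.51.100.9 DST=203.0.113.20 PROTO=UDP SPT=5080 DPT=5060
Aug 16 10:00:03 fw kernel: IN=eth0 SRC=198.51.100.8 DST=203.0.113.10 PROTO=TCP SPT=4411 DPT=443
Aug 16 10:00:04 fw kernel: IN=eth0 SRC=192.0.2.55 DST=203.0.113.11 PROTO=TCP SPT=4412 DPT=5061
""".splitlines()

LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)")


def dark_sip_hits(lines, dark_hosts):
    """Sources that probed a SIP port on an address that runs no SIP server."""
    hits = set()
    for line in lines:
        m = LINE_RE.search(line)
        if m and m["dst"] in dark_hosts and int(m["dpt"]) in SIP_PORTS:
            hits.add(m["src"])
    return hits


def build_blocklist(reports, trusted, now, min_reporters=2):
    """Merge (reporter, ip, seen_at) reports into a shared blocklist.

    Untrusted reporters and sightings older than BAN_TTL are ignored. An IP is
    listed only when min_reporters distinct trusted reporters saw it; this
    quorum is an assumption, added to limit wrongly blocked addresses.
    """
    seen = {}
    for reporter, ip, seen_at in reports:
        if reporter in trusted and now - seen_at <= BAN_TTL:
            seen.setdefault(ip, set()).add(reporter)
    return sorted(ip for ip, who in seen.items() if len(who) >= min_reporters)


if __name__ == "__main__":
    # 203.0.113.20 hosts a real SIP server, so it is not in the dark set.
    print(sorted(dark_sip_hits(SAMPLE_LOG, {"203.0.113.10", "203.0.113.11"})))
```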



