Reading the article in a minute ! However, as an information pointer I've some data ... I've an VM with asterisk at home, and every day I've to ban (I use fail2ban to do it automatically after 3 failed attempts from the same IP), average about 20 IPs attempting to use my SIP service to my provider. This turns into 100 per day in the office (average). Of course, if they succeed, they can make "free" calls that I need to pay from my pocket ... So, I report automatically those attempts (once banned), including the logs, to the abuse contacts of the IP holder. Some of them just don't care, unfortunately, as many abuse contacts, just don't work, or the mailboxes aren't being read, or they respond that you must fill in a form. Regards, Jordi El 25/4/19 13:29, "anti-abuse-wg en nombre de ac" <anti-abuse-wg-bounces@ripe.net en nombre de ac@main.me> escribió: Hi, I read an interesting article this morning and I thought I should share. https://www.nytimes.com/2019/04/24/technology/personaltech/stop-robocalls.ht... It is interesting how the types of abuse are related to the costs, geo, etc as well as perceived benefits thereof. Although I have setup SIP and have played extensively with stuff like asterisk, I do not work much with VoIP abuse or have much experience with it. (which is probably why it is interesting to me :) ) Andre ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
On Thu, 25 Apr 2019 14:06:39 +0200 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
Reading the article in a minute ! However, as an information pointer I've some data ... I've an VM with asterisk at home, and every day I've to ban (I use fail2ban to do it automatically after 3 failed attempts from the same IP), average about 20 IPs attempting to use my SIP service to my provider. This turns into 100 per day in the office (average). Of course, if they succeed, they can make "free" calls that I need to pay from my pocket ... So, I report automatically those attempts (once banned), including the logs, to the abuse contacts of the IP holder. Some of them just don't care, unfortunately, as many abuse contacts, just don't work, or the mailboxes aren't being read, or they respond that you must fill in a form. Regards, Jordi
this is something very worthy of discussion, listing services has always existed for dynamic blocks, email abuse, bad neighborhood etc etc - and these lists are reflected/delivered/offered as rbl, dnsbl, wrbl, text, sql, etc etc - imho, the latest trends are weird as the generic lists are becoming too generic and specific or specialisation is the "next big thingTM" - as in not unicorny big but tech useful (mostly free) big... As an example of this, an combined email rbl (which also contains certain dynamic ranges known for not filtering egress, would be completely (or mostly) useless for filtering IP on SIP (or even brute) and a comment form rbl would be well suited for iptables on a web server... My latest new and shiny big idea is: I have an idea and a plan to dev a dynamic ip use dnsl which will return a flag on query... The idea is that any device would receive a code when query a RR The result on query would be multi digit and reflect the known data for that resource (examples: User Dynamic/Static - Abuse Reported Y/N - Port of abuse (all(dul)/21/22/25/53/80/443/etc) - Resource holder responsive Y/N - etc etc etc The further idea is to have exchangeable data streams so that the query (as well as the IPv4/6 of the query) becomes a data provider and then the reporting can be automated (or not) depending on the resource holder itself... What do you think? Kind Regards Andre
participants (2)
-
ac -
JORDI PALET MARTINEZ