Recent searches
Search options
#apiban
CommCon SF will be starting shortly. Here's the livestream link:
Great Day 1 here at @commcon San Francisco hacking away (with some @cloudflare API's), meeting with friends, and meeting new people.
Looking forward to talking about #APIBAN tomorrow.
Big thanks to Lorne Gaetz for his help testing apiban-fail2ban on FreePBX 16/17. His feedback has allowed for script improvements and better documentation.
Added a new simple, lazy install script for the apiban-fail2ban client. The script is geared towards freepbx using "asterisk-iptables" as the jail.
@north @fredposner I’ve done it a couple times re #kamailio and #apiban - it’s a friendly one to one that’s then broadcast a week or two later.
How batshit crazy is Palo Alto spamming of #SIP servers?
The 198.235.24.0/24 currently has **102** active IP addresses sending unwanted SIP traffic.
Horrible.
In which I talk with voip.ms about #apiban ...
Continued exploit of open relay #SIP REGISTER attack occurring, with increased activity over the last 12 hours. Most IP addresses have already been seen, and vast majority of systems (doing the relaying) are Ingate Systems (the SIParator SBC). No response from Ingate.
Help protect your systems with #APIBAN (https://apiban.org)-- a free service, thanks to our sponsors.
Posted to LinkedIn regarding the continued #SIP open relay REGISTER attack seen by #APIBAN honeypots.
https://www.linkedin.com/posts/qxork_apiban-block-bad-sip-traffic-activity-7095054036319494144-Tfbd
Last night saw another round of #SIP open relay attacks. Most of the relaying appears to have been Ingate SIP Trunking Solutions' SIParator product.
APIBAN (https://apiban.org) is a free service (thanks to our sponsors) that you can implement on most *nix systems, some firewalls, etc to help protect yourself from these types of #VoIP attacks.
For more information on SIP open relay attacks, there's a great article from Ivan Kwabena Nyarko:
https://www.kwancro.com/post/another-open-relay-scan/
I really like the GitHub sponsor feature... nice, simple way to help an open source project you're using keep on keeping' on (as Joe Dirt would say).
For example. I love simplecss.com... and @kev made it easy to sponsor.
(By the way... you can sponsor #APIBAN if you're finding it helpful, or even if you're not... you can still sponsor)
Seeing a huge spike in REGISTER traffic attacking SIP servers out there. Many seem to be using Ingate SIParator SBC as an open relay.
APIBAN (https://apiban.org) is a free service to help protect you from these attacks.
Also, a good analysis of the last attack (written by Ivan Kwabena Nyarko) can be found here:
https://www.kwancro.com/post/another-open-relay-scan/
My slides from this year's Kamailio World 2023 presentation "Using APIBAN in Production"
There's a great new post from Ivan Nyarko discussing the #SIP open relay attacks we saw recently hitting #APIBAN (and impacting some smaller carriers):
https://www.kwancro.com/post/another-open-relay-scan/
Ivan is amazing at analyzing this data and his write-ups are simply a great read.
Very honored to be on this week's #ClueCon Weekly:
https://www.youtube.com/watch?v=2uBafByhUEE
I talk about #APIBAN, #Kamailio, #KamailioWorld, and #FreeSWITCH (as well as the upcoming ClueCon in Chicago).
Running a #sip server? Please check that you're not an open relay.
APIBAN has seen a dramatic increase in open relay servers being exploited (impacting some b2b providers).
Ivan Nyarko has a great tool to help test your server:
https://kwanlabs.com
A huge amount of unwanted #SIP / #VOIP traffic coming out of Japan over the last few days. Since the 29th, over 2700 active ip addresses were added to the block list.
Some example networks:
122.214.163.128/25
122.219.179.0/25
59.87.14.0/25
122.219.179.128/25
58.13.250.128/25
59.87.50.0/25
If you're using #APIBAN, these have already been blocked. Not using APIBAN? Think again... it's free (thanks to our sponsors). https://apiban.org