eeman
Joined: 2007/11/06
Points: 190

Attached is a document I wrote on how to implement the VoIP Blacklist into Thirdlane. This works in a similar manner to the email RBLs, where a community updates a central database of known VoIP fraud. Instant gain: blocking of 49k known IPs performing malicious fraud.

Attachment: thirdlane-voipbl.pdf (133 KB)
mcampbell@1poin...
Joined: 2015/05/20
Points: 0

Erik - thanks for the excellent how-to. I was able to quickly implement this on my server & look forward to less sipvicious, etc... activity.
--Matt

matthewmalk248
Joined: 2015/08/09
Points: 20

Love this! Thanks for the contribution Erik!

matthewmalk248
Joined: 2015/08/09
Points: 20

Just noticed I'm getting an "iptables: Resource temporarily unavailable." error on this now. I double-checked the script on the voipbl website, and I see some people reporting this error due to low RAM, but I have 18GB free. Anyone else get this?

mcampbell@1poin...
Joined: 2015/05/20
Points: 0

In which logfile are you seeing this message?

NickJ
Joined: 2017/05/04
Points: 20

Just be wary of the quality of the data in the blocklist; anyone can add, which is great, but comes with its downsides.
We ran it on our core firewall and found someone had added 8.8.8.8 (Google's Public DNS) to the blocklist, which broke a stack of things.
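
An added example, not part of the thread or of the VoIP Blacklist script: one way to screen a downloaded list before any entry reaches iptables, so that a poisoned entry such as the 8.8.8.8 case above is dropped and logged. The allowlist contents, the /16 breadth limit, the function name and the sample list are all assumptions made for illustration.

```python
import ipaddress
import sys

# Constructed sample of a downloaded blocklist (documentation ranges plus the
# 8.8.8.8 entry mentioned in the post above); not real VoIP Blacklist data.
SAMPLE_BLOCKLIST = """\
# constructed sample
203.0.113.7
198.51.100.0/24
8.8.8.8
10.1.2.3
0.0.0.0/1
not-an-ip
192.0.2.55/32
"""

# Assumed allowlist: resolvers and internal ranges that must never be blocked.
ALLOWLIST = ["8.8.8.8/32", "8.8.4.4/32", "10.0.0.0/8"]
MIN_PREFIX = 16  # assumed policy: refuse any entry broader than a /16


def filter_blocklist(text, allowlist=ALLOWLIST, min_prefix=MIN_PREFIX):
    """Return (accepted networks, rejected [(entry, reason)]) for a blocklist."""
    allowed = [ipaddress.ip_network(a) for a in allowlist]
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.version != 4:  # the iptables chain in question is IPv4 only
            rejected.append((entry, "not IPv4"))
        elif net.prefixlen < min_prefix:
            rejected.append((entry, "too broad"))
        elif any(net.overlaps(a) for a in allowed):
            rejected.append((entry, "overlaps allowlist"))
        else:
            accepted.append(net)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = filter_blocklist(SAMPLE_BLOCKLIST)
    print("\n".join(str(n) for n in ok))  # safe entries, one per line
    for entry, reason in bad:
        print(f"skipped {entry}: {reason}", file=sys.stderr)
```

Rejected entries go to stderr so a cron run leaves a record of what the upstream list tried to block.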

matthewmalk248
Joined: 2015/08/09
Points: 20

When running the script manually it showed on the CLI; I can't find it in logs. Something weird has started happening with asterisk CPU being in the 200%'s and call audio getting choppy, but I have to assume that's coincidental and I'll try to get some help with that separately.

matthewmalk248
Joined: 2015/08/09
Points: 20

One quickie thing I found: if you include the -n option in the "if [ `iptables -L | grep -c "Chain BLACKLIST-INPUT"` -lt 1 ]; then", the script won't waste a bunch of time & effort trying to resolve IPs.
I'm still trying to figure out the "iptables: Resource temporarily unavailable." issue.

matthewmalk248
Joined: 2015/08/09
Points: 20

Has anyone confirmed that the full list is being inserted into their iptables on their Thirdlane install? I just noticed on both my VM & physical Thirdlane install, the ack/insert part of the script is running extremely slow and it seems to time out after around 20 minutes and get to around '193.x.x.x' and '199.x.x.x' in the blacklist. When running this on a mix of 9 other systems (non-Thirdlane) it completed the whole list in about 5-6 minutes. Both Thirdlane systems have way more CPU, iNet speeds, & RAM than the other ones so I'm pretty confused.

I can run iptables -L -n during the script and see that the Thirdlane boxes seem to take 3x the time per entry than the other Linux boxes. Should I try updating something?