APIBAN: Protecting you from unwanted SIP traffic, Fred Posner

Video and Slides

Outline

APIBAN: Protecting you from unwanted SIP traffic

Fred Posner, Senior VoIP Engineer, VoIP Consultant, LOD Communications

  • APIBAN helps identify known bad actors before they attack your system
  • Simple API queries / JSON responses
  • Open Source client to automatically integrate into iptables
  • Free (as in beer) service from LOD.com

Review

Thank you Fred for coming back and updating us on APIBAN, an important initiative for the whole VoIP industry. Fred has been working on open source VoIP since the beginning, over 20 years, he is active across many projects, including Kamailio.

APIBAN is an alternative to Fail2Ban. Fred created APIBAN for a number of issues he faced using Fail2Ban, including memory and CPU utilization.

APIBAN helps prevent unwanted SIP traffic by identifying addresses of known bad actors before they attack your system.

The critical issue with identifying bad actors is the quality of the data. To do this APIBAN has many honeypots distributed globally and once detected identifies that IP address “active” for 7 days. The data is always fresh. Generally there are only about 1000 addresses that are active bad actors.

Fred runs through some examples to show how easy APIBAN is to use, integrate, and it’s all free! There’s no reason you shouldn’t be protecting your VoIP services with APIBAN.

Questions:

1) Where do most of the bad actors come from? Are their particular countries or network service providers that host them?

Fred: All over… no rhyme or reason yet discovered. As of me writing this, the majority of attacks are coming from Alibaba owned networks. A week ago, it was Digital Ocean

2) What is the motivation for a bad actor? Hold a company ransom? Make money through fraudulent calls to premium rate numbers?

Fred: Motivations include fraud (using your system to make calls) and denial of service. But motivations can change. They may be looking for pbx’s for future attacks.

3) Where do you plan to develop APIBAN in the future?

Fred: Perhaps some cidr ((Classless Inter-Domain Routing) based blocking, more ways to implement, more honeypots, more api functions/integrations

One thought on “APIBAN: Protecting you from unwanted SIP traffic, Fred Posner”

Leave a Reply

Your email address will not be published. Required fields are marked *