1 Nov
2010
1 Nov
'10
8:41 a.m.
On Mon, 2010-11-01 at 09:33 +0100, Conrad Wood wrote:
As clients' phones register against the server
(coming from dynamic ips)
I can't easily move to a different port or so ;(
Has anyone got any good suggestions?
If the clients use ISPs known to you, you could firewall off most of the
internet and just let through the netblocks for those given ISPs - you'd
occasionally get faults with phones not being able to register when they
appear on a new block, but it would deal with dynamic IPs for the most
part.
Alternatively, you could range-block foreign ISPs quite liberally -
again not perfect, but if your customers are UK-based and the scanning
is mostly foreign, then it would help at least cut some scanning out
before it gets to fail2ban.
Other than that, there aren't many great defences in your situation that
I can think of. Phone fraud, sadly, is a costly as it is valuable, and
makes it a very worthwhile target for crackers to go after.
Cheers
Alex.
--
This message was scanned by Better Hosted and is believed to be clean.
http://www.betterhosted.com