Updating the anti-SIP attack script

The anti-SIP attack script has been doing a great job, but I did note a few shortcomings I wanted to fix.  For one thing, I was noticing a few “clusters” of networks that justified (to me) blocking larger networks.  No one outside the US has any reason to connect to my server, for example.  I can block entire /8 networks…  but doing so manually was cluttering up the iptables rule sets.

I modified the script to store a little more information in the text file, so i can go through it manually from time to time and make changes.  It’s easy to run the file through sort -n and see if it’s time to block a /16 or /8 network.

/bin/grep "No matching peer found" /var/log/asterisk/messages|cut -d "'" -f 4 | \
   cut -d "." -f 1-3 |sort -n |/usr/bin/uniq >> \
for d in `cat /root/anti-sip-attack.tmp`
  if [ `/sbin/iptables -L -n | grep -c $d` = "0" ]; then
    /sbin/iptables -I INPUT -s $d.0/24 -j DROP
    echo $d.0/24 >> /root/anti-sip-attack.txt
rm /root/anti-sip-attack.tmp