The purpose of this application is to serve as a "watchdog" of an Asterisk system so that it can detect attempted attacks and update the firewall rules to prevent further attack. When an attack is detected, the application will inform Sinologic.net to introduce the attacker in a public list to report to other users who use this application and can ban IP addresses that attackers always considered a real danger and thus preempt to attack.

The operation is very simple, sipcheck, once configured, will parse the file 'messages' Asterisk for lines that show attempts to attack:

[show some examples]

Once it has identified a number of attempts from the same IP address, the system will activate the defense system:

• Activating the shields (entering the IP address in the firewall)
    
• Spreading the information (sending that IP address to Sinologic)
    
• Sending countermeasures (running a specific code when it detects an attacker IP)

Downloading the application:

git clone https://github.com/sinologicnet/sipcheck

Installing the applicacion:

cd sipcheck
python setup.py install

We could get new user account to use shared lists.

When you use a shared list features, you will need a "key user" that you will configure into configuration file.
This "key" will be used for ranking and fiability of the ips reported.
During the beta version time, you can get your "temporal key" entering in this page:
http://sipcheck.sinologic.net/getKey
Although you can set "key" field as anonymous we recommend that register and use your own key.

[general]
messagefile=/var/log/asterisk/messages      ; Asterisk message file. Sure you that you log errors
loglevel=debug                              ; 
useiptables=True                            ; If you want insert into iptables.
minticks=5                                  ; Num of try before consider an attack
logfile=/tmp/sipcheck.log                   ; Log file
[shared]
enable=True                                 ; Enable this if you want to report attackers to a common list
key=494949                                  ; Personal KEY
[database]
file=/tmp/sipcheck.db                       ; Local database where all information is storaged
[ignore]                                    ; List of host and network to ignored if they are detected as attackers
own=178.60.201.227/32,127.0.0.1/32,192.168.0.0/16,10.0.0.0/12
[gui]                                       ; On construction...
enable=True
port=8081
user=admin
pass=sipcheck
listen=127.0.0.1

Execute the application

./bin/sipcheck -c ./etc/sipcheck.conf