APIBAN helps prevent unwanted SIP traffic by identifying addresses of known bad actors before they attack your system. Bad actors are collected through globally deployed honeypots and curated by LOD/APIBAN.
APIBAN started from discussions at tech conferences (in particular Kamailio World and Astricon). Most of the attendees had seen increases in malicious SIP traffic and we all thought there should be a way to share the active “bad actors.”
When I found myself with some downtime, and with the support of LOD, some honeypots were deployed… and API made to share the data, and APIBAN was born.
IPset(s)
I say set(s), because right now… there’s just the one set. ;)
IPsets (lists of IPs) can be used by many firewalls, iptables, and appliances (such as pfsense, opnsense, etc.) to block unwanted traffic to your network. There’s a great tutorial available on adding an external ipset to opnsense and even one or two for pfsense.
With APIBAN, the link is simple:
https://apiban.org/ipset/[APIKEY]/list
(where [APIKEY] is replaced with your APIBAN APIKEY)
To get an APIKEY, you just need to go to APIBAN and request a key. Simple, Free, and Easy.
APIBAN
Of course, you can also use the API features of APIBAN or even use one of the free clients to automatically block IPs in iptables.
Only APIBAN deployed Honeypots are used to find the IPs of bad traffic being sent to SIP systems. This also includes non-SIP traffic sent to Voice systems as seen in recent DDoS attacks.
I certainly hope you find this useful.
Additional Reading
- apiban.org
- LOD.com (Main sponsor of APIBAN)
- apiban on github (apiban clients and examples)
- iptables-api (simple api for local iptables management)
- Blocking malicious IPs with OPNsense and external lists
- Block Malicious IPs in pfSense