[Freeswitch-users] SPIT attack and how to strike back

Kristian Kielhofner kris at kriskinc.com
Thu Apr 21 19:13:24 MSD 2011


On Thu, Apr 21, 2011 at 11:03 AM, mazilo <Nabble at slickdeals.endjunk.com> wrote:
>
> Brian West wrote:
>> the little prick doesn't scan on 5080 yet as far as I know!  :P
> OK and that makes sense. When I telnet to both port 5060 and 5080 on my FS,
> it responded. So, I reckon it is safe and better to include both --dport
> 5080 and --dport 5060.

Keep in mind that sipvicious typically (always?) scans using UDP.
FreeSWITCH supports UDP, TCP and TLS (on 5061 if enabled).  Telnet is
TCP only so it's not a valid test for exposure to UDP only scans using
sipvicious.

For effective blocking of these attacks block TCP and UDP transports
to 5060 and 5080 if using the default config.

-- 
Kristian Kielhofner



More information about the FreeSWITCH-users mailing list