[Freeswitch-users] acl validation
Patrick Lists
freeswitch-list at puzzled.xs4all.nl
Sat Dec 3 18:33:41 MSK 2011
On 12/03/2011 03:41 AM, Darcy wrote:
> Brian, thanks for the input, I have researched this exhaustively to be
> sure I don’t. We ran an extensive search on the system and could not
> find this IP address anywhere on the system, but yet they could make
> calls. This is an IP address from russia, they hit the network for
> around $20k in October then out of the blue they started being blocked,
> I am really worried they will find another hole in the system, if there
> is indeed one.
Don't know if you already have more countermeasures in place but I would
also add firewall (iptables) rules to *only* allow certain IP ranges so
you not only rely on the FreeSWITCH ACL.
The 91.212.226.0/24 network is a Provider Independent range owned by
some shady Russian outfit (missing city+country in the RIPE reg?) and
judging from various traceroutes seems to be currently hosted by
as5577.net in Luxembourg (root.lu?):
http://trace.die.net/search/?q=91.212.226.23
Regards,
Patrick
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list