[Freeswitch-users] Attack using 5843 and music account?

Giovanni Maruzzelli gmaruzz at gmail.com
Wed Jan 5 00:54:37 MSK 2011


The internal address seems to be the one from which the OPoster tried
to be registered, and sent the challenge (and was rejected).
The original attempts, that were not rejected (probably because were
not sending challenges) were coming from external addresses.
-giovanni


On 1/4/11, Michael Collins <msc at freeswitch.org> wrote:
> Just curious, but did you notice that the IP address was internal?
> 192.168.0.6 - what IP address is that?
>
> On Mon, Jan 3, 2011 at 9:34 PM, xuyan yang <xyangni at gmail.com> wrote:
>
>> Got it. But if no failure log. fail2ban will not work. So how can we
>> protect fs from this kind of attack besides manually setup firewall rules
>> 1
>> by 1 on discovery?
>>
>> On Tue, Jan 4, 2011 at 12:54 AM, Brian West <brian at freeswitch.org> wrote:
>>
>>> Chances are he never received the challenge.. thus never logs an auth
>>> failure.
>>>
>>> /b
>>>
>>> On Jan 3, 2011, at 9:26 AM, xuyan yang wrote:
>>>
>>> 2011-01-03 15:19:32.360152 [WARNING] sofia_reg.c:1161 SIP auth failure
>>> (REGISTER) on sofia profile 'internal' for [music at 192.168.0.3] from ip
>>> 192.168.0.6
>>>
>>> So, how can this hacker successfully registered music account and avoid
>>> to
>>> be baned? it is strange.
>>>
>>> Thanks
>>>
>>>
>>>
>>> _______________________________________________
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>

-- 
Sent from my mobile device

Sincerely,

Giovanni Maruzzelli
Cell : +39-347-2665618



More information about the FreeSWITCH-users mailing list