[Freeswitch-users] Hacker Attack?

curriegrad2004 curriegrad2004 at gmail.com
Sun Jan 30 03:12:38 MSK 2011 

Try using iptables and block all incoming traffic from this specific host?

On Sat, Jan 29, 2011 at 3:39 PM, Joao Leme <joaocarlosleme at gmail.com> wrote:
> I just downloaded and compiled the latest Git and a little after starting
> freeswitch I'm getting non stop the following:
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
> ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> it's non-stop and doesn't let me do nothing else. After the first time I
> went on to vars and changed the 1234 password....restarted and same thing
> happened, I also try denying the ip on acl.conf (not sure if has something
> to do with it but gave it a try):
>
> <configuration name="acl.conf" description="Network Lists">
>         <network-lists>
>           <list name="test2" default="allow">
>             <node type="deny" host="212.224.71.236" mask="255.255.255.0"/>
>           </list>
>         </network-lists>
>       </configuration>
>
> Restarted the computer but nothing, he (thomas I guess) was back on my
> console.
>
> Any ideas??? p.s. My computer is on DMZ (I know DMZ is not ideal but is the
> only way I got to be able to connect to the internal profile from out of the
> office etc).
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>

More information about the FreeSWITCH-users mailing list