[Freeswitch-users] Hacker Attack?

curriegrad2004 curriegrad2004 at gmail.com
Sun Jan 30 09:53:23 MSK 2011


uhm... remove the braces and do iptables -I INPUT -s 212.224.71.236 -j
DROP instead. Sorry for not being clear what the braces meant...

On Sat, Jan 29, 2011 at 10:47 PM, Joao Leme <joaocarlosleme at gmail.com> wrote:
> I tried "iptables -I INPUT -s [212.224.71.236] -j DROP" and got "Unknown
> command: iptables...". Must I install fail2ban to issue the iptables command?
> I'm on Windows 7.
> Thanks
>
> On Sat, Jan 29, 2011 at 4:26 PM, curriegrad2004 <curriegrad2004 at gmail.com>
> wrote:
>>
>> iptables -I INPUT -s [hackerip] -j DROP
>>
>> A better solution is searching the wiki for fail2ban with FreeSwitch.
>>
>> On Sat, Jan 29, 2011 at 4:20 PM, Joao Leme <joaocarlosleme at gmail.com>
>> wrote:
>> > How do I do that?
>> > Thanks!
>> > On Sat, Jan 29, 2011 at 4:12 PM, curriegrad2004
>> > <curriegrad2004 at gmail.com>
>> > wrote:
>> >>
>> >> Try using iptables and block all incoming traffic from this specific
>> >> host?
>> >>
>> >> On Sat, Jan 29, 2011 at 3:39 PM, Joao Leme <joaocarlosleme at gmail.com>
>> >> wrote:
>> >> > I just downloaded and compiled the latest Git and a little after
>> >> > starting
>> >> > freeswitch I'm getting non stop the following:
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> >> >> > It's non-stop and doesn't let me do anything else. After the first time I
>> >> >> > went on to vars and changed the 1234 password... restarted and the same thing
>> >> >> > happened. I also tried denying the IP in acl.conf (not sure if it has something
>> >> >> > to do with it, but I gave it a try):
>> >> >
>> >> > <configuration name="acl.conf" description="Network Lists">
>> >> >         <network-lists>
>> >> >           <list name="test2" default="allow">
>> >> >> >             <node type="deny" host="212.224.71.236" mask="255.255.255.0"/>
>> >> >           </list>
>> >> >         </network-lists>
>> >> >       </configuration>
>> >> >
>> >> > Restarted the computer but nothing, he (thomas I guess) was back on
>> >> > my
>> >> > console.
>> >> >
>> >> >> > Any ideas??? P.S. My computer is on DMZ (I know DMZ is not ideal, but it is
>> >> >> > the only way I got to be able to connect to the internal profile from out of
>> >> >> > the office, etc.).
>> >> > _______________________________________________
>> >> > FreeSWITCH-users mailing list
>> >> > FreeSWITCH-users at lists.freeswitch.org
>> >> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> >
>> >> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> > http://www.freeswitch.org
>> >> >
>> >> >
>> >>
>> >
>> >
>>
>
>
>
>
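
Added example, not part of the original thread: the counting a fail2ban-style filter performs on the auth-challenge warnings quoted above, ending in the iptables rule given in the reply. The timestamp prefix, threshold, window and sample addresses are assumptions; a single challenge per registration is normal digest-auth behaviour, so only repeated challenges from one source are flagged.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message text as quoted in the thread; the leading timestamp is an assumption.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \[WARNING\] sofia_reg\.c:\d+ "
    r"SIP auth challenge \((?P<method>REGISTER|INVITE)\) on sofia profile "
    r"['‘](?P<profile>[^'’]+)['’] for \[(?P<user>[^@\]]*)@[^\]]*\] "
    r"from ip (?P<ip>\S+)$"
)

def find_offenders(lines, max_challenges=5, window=timedelta(seconds=60)):
    """Return {ip: usernames tried} for sources above max_challenges per window.
    Lines are assumed to be in chronological order, as in a log file."""
    recent = defaultdict(deque)   # ip -> challenge timestamps inside the window
    users = defaultdict(set)      # ip -> usernames seen from that source
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            # Validate before the value can reach a firewall command line.
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        users[ip].add(m["user"])
        if len(q) > max_challenges:
            offenders[ip] = sorted(users[ip])
    return offenders

def block_commands(offenders):
    """Render the DROP rule from the thread for each flagged source."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]

# Constructed sample log (documentation addresses, not taken from the thread).
FMT = ("2011-01-29 15:39:{:02d}.000000 [WARNING] sofia_reg.c:1247 SIP auth challenge "
       "(REGISTER) on sofia profile 'internal' for [{}@192.0.2.10] from ip {}")
SAMPLE = [FMT.format(s, ("140", "thomas")[s % 2], "203.0.113.50") for s in range(8)]
SAMPLE += [FMT.format(30, "1001", "198.51.100.20"),   # one normal registration
           FMT.format(31, "x", "999.1.1.1")]          # malformed address, ignored
if __name__ == "__main__":
    print("\n".join(block_commands(find_offenders(SAMPLE))))
```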


