[Freeswitch-users] Hacker Attack?

Peter Olsson peter.olsson at visionutveckling.se
Sun Jan 30 13:10:30 MSK 2011


iptables is a Linux command.

/Peter


----- Reply message -----
Från: "Joao Leme" <joaocarlosleme at gmail.com>
Datum: sön, jan 30, 2011 13:56
Rubrik: [SPAM] - Re: [Freeswitch-users] Hacker Attack?
Till: "FreeSWITCH Users Help" <freeswitch-users at lists.freeswitch.org>

I tried "iptables -I INPUT -s [212.224.71.236] -j DROP" and got " Unknown command: iptables...". Do I must install fail2ban to issue iptables command? I'm on windows 7.
Thanks

On Sat, Jan 29, 2011 at 4:26 PM, curriegrad2004 <curriegrad2004 at gmail.com<mailto:curriegrad2004 at gmail.com>> wrote:
iptables -I INPUT -s [hackerip] -j DROP

A better solution is searching the wiki for fail2ban with FreeSwitch.

On Sat, Jan 29, 2011 at 4:20 PM, Joao Leme <joaocarlosleme at gmail.com<mailto:joaocarlosleme at gmail.com>> wrote:
> How do I do that?
> Thanks!
> On Sat, Jan 29, 2011 at 4:12 PM, curriegrad2004 <curriegrad2004 at gmail.com<mailto:curriegrad2004 at gmail.com>>
> wrote:
>>
>> Try using iptables and block all incoming traffic from this specific host?
>>
>> On Sat, Jan 29, 2011 at 3:39 PM, Joao Leme <joaocarlosleme at gmail.com<mailto:joaocarlosleme at gmail.com>>
>> wrote:
>> > I just downloaded and compiled the latest Git and a little after
>> > starting
>> > freeswitch I'm getting non stop the following:
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
>> > profile
>> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
>> > it's non-stop and doesn't let me do nothing else. After the first time I
>> > went on to vars and changed the 1234 password....restarted and same
>> > thing
>> > happened, I also try denying the ip on acl.conf (not sure if has
>> > something
>> > to do with it but gave it a try):
>> >
>> > <configuration name="acl.conf" description="Network Lists">
>> >         <network-lists>
>> >           <list name="test2" default="allow">
>> >             <node type="deny" host="212.224.71.236"
>> > mask="255.255.255.0"/>
>> >           </list>
>> >         </network-lists>
>> >       </configuration>
>> >
>> > Restarted the computer but nothing, he (thomas I guess) was back on my
>> > console.
>> >
>> > Any ideas??? p.s. My computer is on DMZ (I know DMZ is not ideal but is
>> > the
>> > only way I got to be able to connect to the internal profile from out of
>> > the
>> > office etc).
>> > _______________________________________________
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> > http://www.freeswitch.org
>> >
>> >
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>

_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

!DSPAM:4d450b3232767678720833!



More information about the FreeSWITCH-users mailing list