[Freeswitch-users] Hacker Attack?

Joao Leme joaocarlosleme at gmail.com
Sun Jan 30 18:54:30 MSK 2011


I figured. Same for Fail2Ban I guess. Any suggestions for Windows?

Also I was wondering why it never happened on my 1.0.4 (14460) version
(precompiled version)? I had it running for a month 24hrs and had never seen
this before. And after starting the Git Head (below) from Yesterday it
happened in seconds all 3 times I restarted (restarted the computer to be
sure). Maybe something wrong with the current version? To be safe I went
back to my stable 1.0.4 version and haven't had any problems.

49a5effcdf2cea9e0ddcf146cf3fe85d1872e654
mod_callcenter: Add error response for queue load and queue reload (FS-2988)

Marc Olivier Chouinard
 2011-01-29 00:09:06

On Sun, Jan 30, 2011 at 2:10 AM, Peter Olsson <
peter.olsson at visionutveckling.se> wrote:

> iptables is a Linux command.
>
> /Peter
>
>
> ----- Reply message -----
> Från: "Joao Leme" <joaocarlosleme at gmail.com>
> Datum: sön, jan 30, 2011 13:56
> Rubrik: [SPAM] - Re: [Freeswitch-users] Hacker Attack?
> Till: "FreeSWITCH Users Help" <freeswitch-users at lists.freeswitch.org>
>
> I tried "iptables -I INPUT -s [212.224.71.236] -j DROP" and got " Unknown
> command: iptables...". Do I must install fail2ban to issue iptables command?
> I'm on windows 7.
> Thanks
>
> On Sat, Jan 29, 2011 at 4:26 PM, curriegrad2004 <curriegrad2004 at gmail.com
> <mailto:curriegrad2004 at gmail.com>> wrote:
> iptables -I INPUT -s [hackerip] -j DROP
>
> A better solution is searching the wiki for fail2ban with FreeSwitch.
>
> On Sat, Jan 29, 2011 at 4:20 PM, Joao Leme <joaocarlosleme at gmail.com
> <mailto:joaocarlosleme at gmail.com>> wrote:
> > How do I do that?
> > Thanks!
> > On Sat, Jan 29, 2011 at 4:12 PM, curriegrad2004 <
> curriegrad2004 at gmail.com<mailto:curriegrad2004 at gmail.com>>
> > wrote:
> >>
> >> Try using iptables and block all incoming traffic from this specific
> host?
> >>
> >> On Sat, Jan 29, 2011 at 3:39 PM, Joao Leme <joaocarlosleme at gmail.com
> <mailto:joaocarlosleme at gmail.com>>
> >> wrote:
> >> > I just downloaded and compiled the latest Git and a little after
> >> > starting
> >> > freeswitch I'm getting non stop the following:
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia
> >> > profile
> >> > ‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
> >> > it's non-stop and doesn't let me do nothing else. After the first time
> I
> >> > went on to vars and changed the 1234 password....restarted and same
> >> > thing
> >> > happened, I also try denying the ip on acl.conf (not sure if has
> >> > something
> >> > to do with it but gave it a try):
> >> >
> >> > <configuration name="acl.conf" description="Network Lists">
> >> >         <network-lists>
> >> >           <list name="test2" default="allow">
> >> >             <node type="deny" host="212.224.71.236"
> >> > mask="255.255.255.0"/>
> >> >           </list>
> >> >         </network-lists>
> >> >       </configuration>
> >> >
> >> > Restarted the computer but nothing, he (thomas I guess) was back on my
> >> > console.
> >> >
> >> > Any ideas??? p.s. My computer is on DMZ (I know DMZ is not ideal but
> is
> >> > the
> >> > only way I got to be able to connect to the internal profile from out
> of
> >> > the
> >> > office etc).
> >> > _______________________________________________
> >> > FreeSWITCH-users mailing list
> >> > FreeSWITCH-users at lists.freeswitch.org<mailto:
> FreeSWITCH-users at lists.freeswitch.org>
> >> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> > UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> > http://www.freeswitch.org
> >> >
> >> >
> >>
> >> _______________________________________________
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org<mailto:
> FreeSWITCH-users at lists.freeswitch.org>
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
> >
> >
> > _______________________________________________
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org<mailto:
> FreeSWITCH-users at lists.freeswitch.org>
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> >
> >
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org<mailto:
> FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
> !DSPAM:4d450b3232767678720833!
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20110130/17f0f12e/attachment-0001.html 


More information about the FreeSWITCH-users mailing list