[Freeswitch-users] sip auth challenge HACKING ???

Mark Holloway mh at markholloway.com
Tue Mar 8 18:52:10 MSK 2011 

A session border controller would solve your problem.  You can configure it so any IP that fails SIP authentication X number of times within X number of seconds/minutes will get "demoted" and no additional SIP messages will get through to Freeswtich.  You can set the hold-down timer on the SBC so the IP isn't demoted forever. Some refer to it as SIP DoS, DDoS, call it what you want, but this functionality is best handled by the SBC.

On Mar 8, 2011, at 8:32 AM, curriegrad2004 wrote:

> Or just for fun, you can set up a honeypot with all extensions routing
> to nowhere or to a very very nasty extension ;)
> 
> On Tue, Mar 8, 2011 at 3:00 AM, Dmitry Saratsky <simpot at simpot.com> wrote:
>> I’m blocking it with: http://wiki.freeswitch.org/wiki/Fail2ban
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> From: freeswitch-users-bounces at lists.freeswitch.org
>> [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Erkan
>> Ünlü
>> Sent: 08 Mar 2011 12:39
>> To: freeswitch-users at lists.freeswitch.org
>> Subject: [Freeswitch-users] sip auth challenge HACKING ???
>> 
>> 
>> 
>> Hi FS Users,
>> 
>> 
>> 
>> in last time i see in my console of FS this kind of error messages.
>> 
>> 
>> 
>> [WARNING] sofia_reg.c:1246 SIP auth challenge (INVITE) on sofia profile
>> 'internal' for [5828@?????????] from ip ???7?.1??.7??.???
>> 
>> 
>> 
>> i check my config files ever again and again, but today the console is only
>> given this kind of messages. Maybe 20 messages per second.
>> 
>> 
>> 
>> i see the ip that given in the console “from ip xx.xx.xx.xx” i block this ip
>> in my firewall and everything is fine.
>> 
>> Now i understand that this a trying to hacking my server. The blocking of
>> the ip is a solution but can not handle this in Freeswitch, because i see
>> this problem sometimes on different FS servers also and in normally the FS
>> server maybe must can handle this problem. For example with automatic black
>> lists if an ip trys more than 20 times with wrong login. So the ip will be
>> banned for 1 hour or so.
>> 
>> 
>> 
>> i’m interesting in if other users have the same problems and ideas in how we
>> can handle this.
>> 
>> 
>> 
>> Kind regards
>> 
>> Erkan
>> 
>> 
>> 
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>> 
>> 
> 
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

More information about the FreeSWITCH-users mailing list