[Freeswitch-users] needs some advice to secure my system

Michael Collins msc at freeswitch.org
Tue Feb 14 21:43:34 MSK 2012


Also, don't forget that the author of SIPVicious came and spoke to us about
his project. He mentioned that most friendly scanners are using an older
version of SIPVicious that susceptible to a "retaliatory attack" that will
bring the script to a screeching halt.

http://wiki.freeswitch.org/wiki/Weekly_Conference_Call (get recording from
2011-04-13)

-MC

On Tue, Feb 14, 2012 at 9:05 AM, Avi Marcus <avi at avimarcus.net> wrote:

> I saw some comments about friendly-scanner that putting a REJECT in
> iptables or responding with a SIP 200 OK caused the scanner to stop
> nearly immediately. Might be worth looking into..
>
> -Avi
>
>
> On Tue, Feb 14, 2012 at 6:40 PM, Michael Giagnocavo <mgg at giagnocavo.net>wrote:
>
>> ACL’ing like folks have suggested should help. But the problem is these
>> attacks don’t always stop just because you’ve stopped responding. I’ve seen
>> multi-day sustained scans at 30Mbps, but I’m sure they go much higher.***
>> *
>>
>> ** **
>>
>> As folks have suggested, run SIP on another port to avoid detection, and
>> only open your firewall on 5060 for absolute necessities.****
>>
>> ** **
>>
>> I was under the impression that Canadian bandwidth limits were more for
>> DSL and the like. If you get a colo’d machine or something, you should not
>> have problems with caps, right?****
>>
>> ** **
>>
>> -Michael****
>>
>> ** **
>>
>> *From:* freeswitch-users-bounces at lists.freeswitch.org [mailto:
>> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Philippe
>> Le Toquin
>> *Sent:* Tuesday, February 07, 2012 7:42 AM
>> *To:* FreeSWITCH-users at lists.freeswitch.org
>> *Subject:* [Freeswitch-users] needs some advice to secure my system****
>>
>> ** **
>>
>> Hello,
>>
>> Sorry to ask like that but could someone points me to some site that
>> explains exactly what I need to open towards the internet so that
>> my FS server is working while limiting its visibility?
>>
>> since 1st of February I have an IP that continually sends me SIP Register
>> request at a rate of 70KB/s. I have complained to my internet
>> provider but they refuse to help saying that the problem is on my side. I
>> also logged a complain to the provider on that IP and am waiting on that.
>>
>> At the moment on my firewall I opened port 5060 and 5080 (well now I
>> blocked as well that IP) but I want to know if both are really needed or if
>> I could block one of them
>>  or may be limit the port to some IP.
>>
>> Any help/links will be gladly received
>>
>> thanks
>>
>> /Philippe****
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120214/02513350/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list