[Freeswitch-users] needs some advice to secure my system

Ken Rice krice at freeswitch.org
Tue Feb 14 22:27:58 MSK 2012


if do a quick google for crash sip vicious you'll also find his blog entry
about the counter attack

On Tue, Feb 14, 2012 at 12:43 PM, Michael Collins <msc at freeswitch.org>wrote:

> Also, don't forget that the author of SIPVicious came and spoke to us
> about his project. He mentioned that most friendly scanners are using an
> older version of SIPVicious that susceptible to a "retaliatory attack" that
> will bring the script to a screeching halt.
>
> http://wiki.freeswitch.org/wiki/Weekly_Conference_Call (get recording
> from 2011-04-13)
>
> -MC
>
>
> On Tue, Feb 14, 2012 at 9:05 AM, Avi Marcus <avi at avimarcus.net> wrote:
>
>> I saw some comments about friendly-scanner that putting a REJECT in
>> iptables or responding with a SIP 200 OK caused the scanner to stop
>> nearly immediately. Might be worth looking into..
>>
>> -Avi
>>
>>
>> On Tue, Feb 14, 2012 at 6:40 PM, Michael Giagnocavo <mgg at giagnocavo.net>wrote:
>>
>>> ACL’ing like folks have suggested should help. But the problem is these
>>> attacks don’t always stop just because you’ve stopped responding. I’ve seen
>>> multi-day sustained scans at 30Mbps, but I’m sure they go much higher.**
>>> **
>>>
>>> ** **
>>>
>>> As folks have suggested, run SIP on another port to avoid detection, and
>>> only open your firewall on 5060 for absolute necessities.****
>>>
>>> ** **
>>>
>>> I was under the impression that Canadian bandwidth limits were more for
>>> DSL and the like. If you get a colo’d machine or something, you should not
>>> have problems with caps, right?****
>>>
>>> ** **
>>>
>>> -Michael****
>>>
>>> ** **
>>>
>>> *From:* freeswitch-users-bounces at lists.freeswitch.org [mailto:
>>> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Philippe
>>> Le Toquin
>>> *Sent:* Tuesday, February 07, 2012 7:42 AM
>>> *To:* FreeSWITCH-users at lists.freeswitch.org
>>> *Subject:* [Freeswitch-users] needs some advice to secure my system****
>>>
>>> ** **
>>>
>>> Hello,
>>>
>>> Sorry to ask like that but could someone points me to some site that
>>> explains exactly what I need to open towards the internet so that
>>> my FS server is working while limiting its visibility?
>>>
>>> since 1st of February I have an IP that continually sends me SIP
>>> Register request at a rate of 70KB/s. I have complained to my internet
>>> provider but they refuse to help saying that the problem is on my side.
>>> I also logged a complain to the provider on that IP and am waiting on that.
>>>
>>> At the moment on my firewall I opened port 5060 and 5080 (well now I
>>> blocked as well that IP) but I want to know if both are really needed or if
>>> I could block one of them
>>>  or may be limit the port to some IP.
>>>
>>> Any help/links will be gladly received
>>>
>>> thanks
>>>
>>> /Philippe****
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120214/3c44c665/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list