[Freeswitch-users] What kind of attack is this?
Mimiko
vbvbrj at gmail.com
Mon Oct 14 19:15:39 MSD 2013
On 14.10.2013 18:05, Ken Rice wrote:
> You can drop any packet with friendly-scanner in
> it with iptables as a way to defeat the attack also
I use this command:
iptables -I INPUT -j DROP -p udp –dport 5060 -m string –string
“friendly-scanner” –algo bm
and my iptables looks like this:
Chain INPUT (policy DROP 27 packets, 8596 bytes)
pkts bytes target prot opt in out source
destination
2482 905K DROP udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:5060 STRING match "friendly-scanner" ALGO
name bm TO 65535
0 0 DROP all -- * * 50.7.251.123
0.0.0.0/0
0 0 DROP all -- * * 199.241.187.214
0.0.0.0/0
0 0 DROP all -- * * 85.25.199.142
0.0.0.0/0
0 0 DROP all -- * * 50.30.37.10
0.0.0.0/0
0 0 DROP all -- * * 62.75.212.215
0.0.0.0/0
But this does not help.
--
Mimiko desu.
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users
mailing list