[Freeswitch-users] What kind of attack is this?

Mimiko vbvbrj at gmail.com
Mon Oct 14 19:15:39 MSD 2013


On 14.10.2013 18:05, Ken Rice wrote:
> You can drop any packet with friendly-scanner in
> it with iptables as a way to defeat the attack also

I use this command:

iptables -I INPUT -j DROP -p udp –dport 5060 -m string –string 
“friendly-scanner” –algo bm

and my iptables looks like this:

Chain INPUT (policy DROP 27 packets, 8596 bytes)
  pkts bytes target     prot opt in     out     source 
destination
  2482  905K DROP       udp  --  *      *       0.0.0.0/0 
0.0.0.0/0           udp dpt:5060 STRING match "friendly-scanner" ALGO 
name bm TO 65535
     0     0 DROP       all  --  *      *       50.7.251.123 
0.0.0.0/0
     0     0 DROP       all  --  *      *       199.241.187.214 
0.0.0.0/0
     0     0 DROP       all  --  *      *       85.25.199.142 
0.0.0.0/0
     0     0 DROP       all  --  *      *       50.30.37.10 
0.0.0.0/0
     0     0 DROP       all  --  *      *       62.75.212.215 
0.0.0.0/0

But this does not help.

-- 
Mimiko desu.



Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list