[Freeswitch-users] Automatically don't respond to abnormal registrations

Stanislav Sinyagin ssinyagin at yahoo.com
Sun Sep 29 18:45:30 MSD 2013 

these iptables rules work for me:
http://txlab.wordpress.com/2013/06/29/protecting-a-vpbx-from-dos-attacks/
They reduce the CPU usage quite dramatically, still keeping the system operational.






________________________________
 From: Sayyed Mohammad Emami Razavi <emamirazavi at gmail.com>
To: freeswitch-users at lists.freeswitch.org; freeswitch-dev at lists.freeswitch.org 
Sent: Sunday, September 29, 2013 1:14 PM
Subject: [Freeswitch-users] Automatically don't respond to abnormal	registrations
 


Can anyone describe a way in FS to get rid of crawlers and hackers testing your PBX second by second on the internet?!
What is the problem? This is ls of my FS's sqlite db after some annoying behaviours of hackers and crawlers violently done:
[root at freeswitch db]# ll
total 705580
-rw-r--r-- 1 root root      7168 Sep 29 13:20 callcenter.db
-rw-r--r-- 1 root root     14336 Sep 23 10:29 call_limit.db
-rw-r--r-- 1 root root    257024 Sep 29 13:56 core.db
-rw-r--r-- 1 root root      5120 Sep 29 13:20 fifo.db
-rw-r--r-- 1 root root     98304 Sep 24 11:34 sofia_reg_sipinterface_2.db
-rw-r--r-- 1 root root    367616 Sep 25 18:31 sofia_reg_sipinterface_3.db
-rw-r--r-- 1 root root 500726784 Sep 29 13:56 sofia_reg_sipinterface_5.db
-rw-r--r-- 1 root root 221003312 Sep 29 13:56 sofia_reg_sipinterface_5.db-journal
-rw-r--r-- 1 root root     16384 Sep 23 10:29 voicemail_default.db
[root at freeswitch db]# 

sofia_reg_sipinterface_5.db belongs to the interface listening on 5060 port.

As you see sofia_reg_sipinterface_5.db exceed 500MB of size! and this db has crashed!
and leads to drop port 5060 of interfaces.


when i ask fs_cli about profiles it tells me:
+OK log level  [7]
freeswitch at internal> sofia status
                     Name       Type                                          Data    State
=================================================================================================
           sipinterface_3    profile               sip:mod_sofia at 192.168.2.73:5080    RUNNING (0)
              voicemail_1      alias                                sipinterface_2    ALIASED
              voicemail_2      alias                                sipinterface_2    ALIASED
           sipinterface_2    profile               sip:mod_sofia at 192.168.2.73:5070    RUNNING (0)
=================================================================================================
2 profiles 2 aliases


Which open source firewalls can handle automatically weird sip requests to ban?!

Sincerely yours, 


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130929/81d35769/attachment-0001.html

Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list