[Freeswitch-users] event based sipVicious blocker
Ken Rice
krice at freeswitch.org
Wed Nov 11 19:33:10 MSK 2015
Why not just block it with iptables?
iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "sipcli" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "VaxSIPUserAgent" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "sipcli" --algo bm
these will get 99% of it because the script kiddies doing the scanning aren’t really that bright… there may be some additional strings to want to block, but these work great when combined with fail2bans log parser
From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Russell Treleaven
Sent: Wednesday, November 11, 2015 10:29 AM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: [Freeswitch-users] event based sipVicious blocker
I am working on a freeswitch sipVicious blocker.
I would like to run it from within freeswitch.
Is there a way to get events while running within freeswitch without running a socket via ESL::ESLconnection?
#!/usr/bin/perl
use strict;
use warnings;
use ESL;
my $c = new ESL::ESLconnection(
"localhost",
"8021",
"ClueCon"
);
$c->events(
"plain",
"CHANNEL_CREATE CUSTOM sofia::pre_register"
);
while ($c->connected()) {
my $event = $c->recvEvent();
#do some stuff
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20151111/659f11ec/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list