[Freeswitch-users] event based sipVicious blocker

Ken Rice krice at freeswitch.org
Wed Nov 11 19:33:10 MSK 2015


Why not just block it with iptables?

 

 

iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm

iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm

iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "sipcli" --algo bm

iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "VaxSIPUserAgent" --algo bm

iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm

iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "sipcli" --algo bm

 

 

these will get 99% of it because the script kiddies doing the scanning aren’t really that bright… there may be some additional strings to want to block, but these work great when combined with fail2bans log parser

 

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Russell Treleaven
Sent: Wednesday, November 11, 2015 10:29 AM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: [Freeswitch-users] event based sipVicious blocker

 

I am working on a freeswitch sipVicious blocker.

I would like to run it from within freeswitch.

Is there a way to get events while running within freeswitch without running a socket via ESL::ESLconnection?

 

#!/usr/bin/perl

use strict;

use warnings;

use ESL;

my $c = new ESL::ESLconnection(

            "localhost",

            "8021",

            "ClueCon"

);

$c->events(

            "plain",

            "CHANNEL_CREATE CUSTOM sofia::pre_register"

);

while ($c->connected()) {

            my $event = $c->recvEvent();

#do some stuff 

}

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20151111/659f11ec/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list