[Freeswitch-users] event based sipVicious blocker

Russell Treleaven rtreleaven at bunnykick.ca
Fri Nov 13 07:18:32 MSK 2015


figured out how to use events without a socket and thought I would share.

my $con = new freeswitch::EventConsumer("CHANNEL_CREATE");
$con->bind(
"CUSTOM",
"sofia::pre_register"
);
while(my $e = $con->pop(1)) {
freeswitch::consoleLog(
"INFO",
$e->serialize . "\n"
);
}

On Wed, Nov 11, 2015 at 11:33 AM, Ken Rice <krice at freeswitch.org> wrote:

> Why not just block it with iptables?
>
>
>
>
>
> iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string
> "VaxSIPUserAgent" --algo bm
>
> iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string
> "friendly-scanner" --algo bm
>
> iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "sipcli"
> --algo bm
>
> iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string
> "VaxSIPUserAgent" --algo bm
>
> iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string
> "friendly-scanner" --algo bm
>
> iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "sipcli"
> --algo bm
>
>
>
>
>
> these will get 99% of it because the script kiddies doing the scanning
> aren’t really that bright… there may be some additional strings to want to
> block, but these work great when combined with fail2bans log parser
>
>
>
> *From:* freeswitch-users-bounces at lists.freeswitch.org [mailto:
> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Russell
> Treleaven
> *Sent:* Wednesday, November 11, 2015 10:29 AM
> *To:* FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> *Subject:* [Freeswitch-users] event based sipVicious blocker
>
>
>
> I am working on a freeswitch sipVicious blocker.
>
> I would like to run it from within freeswitch.
>
> Is there a way to get events while running within freeswitch without
> running a socket via ESL::ESLconnection?
>
>
>
> #!/usr/bin/perl
>
> use strict;
>
> use warnings;
>
> use ESL;
>
> my $c = new ESL::ESLconnection(
>
>             "localhost",
>
>             "8021",
>
>             "ClueCon"
>
> );
>
> $c->events(
>
>             "plain",
>
>             "CHANNEL_CREATE CUSTOM sofia::pre_register"
>
> );
>
> while ($c->connected()) {
>
>             my $event = $c->recvEvent();
>
> #do some stuff
>
> }
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20151112/03b91b57/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list