[Freeswitch-users] event based sipVicious blocker
Brian West
brian at freeswitch.org
Fri Nov 13 20:46:28 MSK 2015
see
scripts/perl/f-off-friendly-scanner.pl
I wrote it as an example :)
/b
On Wed, Nov 11, 2015 at 10:42 AM, Russell Treleaven <rtreleaven at bunnykick.ca
> wrote:
> Sure that will work but I wanted to make this event based for my own
> education.
>
> Thanks for quick reply
>
>
> On Wed, Nov 11, 2015 at 11:33 AM, Ken Rice <krice at freeswitch.org> wrote:
>
>> Why not just block it with iptables?
>>
>>
>>
>>
>>
>> iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string
>> "VaxSIPUserAgent" --algo bm
>>
>> iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string
>> "friendly-scanner" --algo bm
>>
>> iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "sipcli"
>> --algo bm
>>
>> iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string
>> "VaxSIPUserAgent" --algo bm
>>
>> iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string
>> "friendly-scanner" --algo bm
>>
>> iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "sipcli"
>> --algo bm
>>
>>
>>
>>
>>
>> these will get 99% of it because the script kiddies doing the scanning
>> aren’t really that bright… there may be some additional strings to want to
>> block, but these work great when combined with fail2bans log parser
>>
>>
>>
>> *From:* freeswitch-users-bounces at lists.freeswitch.org [mailto:
>> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Russell
>> Treleaven
>> *Sent:* Wednesday, November 11, 2015 10:29 AM
>> *To:* FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
>> *Subject:* [Freeswitch-users] event based sipVicious blocker
>>
>>
>>
>> I am working on a freeswitch sipVicious blocker.
>>
>> I would like to run it from within freeswitch.
>>
>> Is there a way to get events while running within freeswitch without
>> running a socket via ESL::ESLconnection?
>>
>>
>>
>> #!/usr/bin/perl
>>
>> use strict;
>>
>> use warnings;
>>
>> use ESL;
>>
>> my $c = new ESL::ESLconnection(
>>
>> "localhost",
>>
>> "8021",
>>
>> "ClueCon"
>>
>> );
>>
>> $c->events(
>>
>> "plain",
>>
>> "CHANNEL_CREATE CUSTOM sofia::pre_register"
>>
>> );
>>
>> while ($c->connected()) {
>>
>> my $event = $c->recvEvent();
>>
>> #do some stuff
>>
>> }
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
*Brian West*
brian at freeswitch.org
*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com
Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>
*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20151113/da1997b0/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list