[Freeswitch-users] stop unwanted registration attempts

Mirko Brankovic mirkobrankovic at gmail.com
Wed Aug 3 12:12:17 MSD 2016


Hi,
I guess you can set this to true on your profile:
https://wiki.freeswitch.org/wiki/Sofia.conf.xml#log-auth-failures

and than fail2ban can pick it up from the log.

Mirko

On Wed, Aug 3, 2016 at 6:57 AM, Jungle Boogie <jungleboogie0 at gmail.com>
wrote:

> Hi All,
>
> How do people stop bad registration attempts to freeswitch? Is it pretty
> much impossible so don't worry about it as long as you have fail2ban?
>
> Using sngrep, I see lots of registration attempts like this:
>
> My actual IP has been replaced with 1.2.3.4.
>
> 2016/08/02 21:35:33.397073 195.154.48.130:5080 -> 192.168.0.137:5060
> REGISTER sip:1.2.3.4:5060 SIP/2.0
> Via: SIP/2.0/UDP
> 195.154.48.130:5080;branch=z9hG4bK23552ce85a146013577b3912;rport
> From: "7612" <sip:7612 at 1.2.3.4:5060>;tag=23552ce8ba27
> To: "7612" <sip:7612 at 1.2.3.4:5060>
> Call-ID: ce85a14-4c0e6013-577b3912 at 1.2.3.4
> CSeq: 1 REGISTER
> Contact: "7612" <sip:7612 at 195.154.48.130:5080>
> User-Agent: VaxSIPUserAgent/3.1
> Expires: 1800
> Max-Forwards: 70
> Content-Length: 0
>
> I have these iptables rules:
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -N f2b-freeswitch
> -A INPUT -j f2b-freeswitch
> -A INPUT -p tcp -m string --string "VaxSIPUserAgent/3.1" --algo bm --to
> 65535 -j DROP
> -A INPUT -p udp -m string --string "VaxSIPUserAgent/3.1" --algo bm --to
> 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5080 -m string --string "sipcli" --algo
> bm --to 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5080 -m string --string
> "friendly-scanner" --algo bm --to 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5080 -m string --string "VaxSIPUserAgent"
> --algo bm --to 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5060 -m string --string "sipcli" --algo
> bm --to 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5060 -m string --string
> "friendly-scanner" --algo bm --to 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5060 -m string --string "VaxSIPUserAgent"
> --algo bm --to 65535 -j DROP
> -A INPUT -j f2b-freeswitch
> -A f2b-freeswitch -j RETURN
>
> Are my rules not stopping this registration because it's not being
> recorded in any logs?
>
> How do you stop (or prevent) unwanted registration attempts, even if
> it's a sip scanner?
>
> Thanks!
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
Regards,
Mirko
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160803/e009a8c4/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list