[Freeswitch-users] how to block requests with From Ip equal to server interface IP?
Miguel Jesús López Valverde
mjlopez at smartic.es
Fri Dec 15 17:32:33 UTC 2017
Good afternoon everyone
I get a new query regarding a type of attack that our freeswitch servers
receive constantly in case someone knows how to block them.
These are INVITE or REGISTER requests in which the FROM: field arrives with
the ip and port equal to the public interface of the server, so the
different protection options that I have tried have not blocked these
requests:
- IpTables can not filter by the information From the INVITE message.
- Fail2Ban is equally limited than IpTables.
- ACLs have not resolved to filter these requests.
Does anyone know any way to block these requests?
I send here a trace with an INVITE message where you can see a request of
this type.
Thanks and best regards.
U 2017/12/14 18:32:55.156886 185.107.94.121:11120 -> 182.30.1.194:5060
INVITE sip:390239297988@ 182.30.1.194:5060;transport=UDP SIP/2.0.
Via: SIP/2.0/UDP
122.221.117.131:5060;branch=z9hG4bK-524287-1---xi3qy2kz737ni404.
Max-Forwards: 70.
Contact: <sip:15714000000 at 122.221.117.131:5060;transport=UDP>.
To: <sip:390239297988@ 182.30.1.194;transport=UDP>.
From: <sip:15714000000@ 182.30.1.194;transport=UDP>;tag=hlzg2jcv.
Call-ID: KaQqH51mAcFv34qN8cGyv3...
CSeq: 1 INVITE.
Content-Type: application/sdp.
User-Agent: Z 3.14.38765 rv2.8.3.
Allow-Events: presence, kpml, talk.
Content-Length: 0.
.
---
El software de antivirus Avast ha analizado este correo electrónico en busca de virus.
https://www.avast.com/antivirus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20171215/4dc3d055/attachment.html>
More information about the FreeSWITCH-users
mailing list