[Freeswitch-users] Scanners and botnet vulnerability
brian at freeswitch.com
Mon Feb 1 18:42:34 UTC 2021
It would log it, unless you have it misconfigured.
On Mon, Feb 1, 2021 at 11:02 AM Marc Bernard <marcb at voicemeup.com> wrote:
> Hi Ken,
> >> Wouldn't it make more sense for this log to include the IP of sip
> client that abandoned the call (220.127.116.11) instead of only the IP of the sip
> (18.104.22.168) ?
> What about my suggestion though, which would allow us to block IPs when
> there is a lot of abandoned calls ?
> This could also be added to fail2ban by default with a more aggressive ban.
> -----Original Message-----
> this is super common. this is more likely a recon attack than an actual
> brute force attempt. Eother that they are looking for something with auth
> turned off. we see tons of these things regularly. Fail to ban helps some
> but using a SIP RBL and dropping traffic via prefixes associated with
> regions and bad actor hosts seems to be the best course of action these
> I wont name the company, but a mjor european hosting company i drop their
> entire AS as its not worth the hassle.
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> Build your next product on our scalable cloud platform.
> Join our online community to chat in real time
> Professional FreeSWITCH Services
> sales at freeswitch.com
> Official FreeSWITCH Sites
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
Brian West | Co-founder and Developer
Need Commercial support? email sales at freeswitch.com
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian at freeswitch.com
Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the FreeSWITCH-users