[Freeswitch-users] Will fail2ban work for this?

Steven Schoch schoch+freeswitch.org at xwin32.com
Tue Mar 16 23:08:46 UTC 2021 

I just set up a new FreeSWITCH system on my home network, and set a forward
for port 5080 to connect to Flowroute. While I'm debugging some call
routing stuff, my logs are getting overrun with stuff like this:

2021-03-16 15:52:02.267501 [NOTICE] switch_channel.c:1118 New Channel
sofia/external/7750@<my IP> [2de89b87-cd07-4c0f-b9fb-3da8e5a68d37]

2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:585
(sofia/external/7750@<my IP>) Running State Change CS_NEW (Cur 1 Tot 7822)

2021-03-16 15:52:02.267501 [DEBUG] sofia.c:10280 sofia/external/7750@<my
IP> receiving invite from 80.94.93.12:62635 version: 1.10.5
-release-17-25569c1631 64bit

2021-03-16 15:52:02.267501 [DEBUG] sofia.c:7326 Channel sofia/external/7750@<my
IP> entering state [received][100]

2021-03-16 15:52:02.267501 [DEBUG] sofia.c:7336 Remote SDP:

v=0

o=- 81921704 81921704 IN IP4 0.0.0.0

s=pplsip

c=IN IP4 0.0.0.0

t=0 0

m=audio 7628 RTP/AVP 100 6 0 8 3 18 5 101

a=rtpmap:100 speex/16000

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-11

a=alt:1 1 : DF50DC48 0000001F 0.0.0.0 7628


2021-03-16 15:52:02.267501 [DEBUG] sofia.c:7739 (sofia/external/7750@<my
IP>) State Change CS_NEW -> CS_INIT

2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:604
(sofia/external/7750@<my IP>) State NEW

2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:585
(sofia/external/7750@<my IP>) Running State Change CS_INIT (Cur 1 Tot 7822)

2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:628
(sofia/external/7750@<my IP>) State INIT

2021-03-16 15:52:02.267501 [DEBUG] mod_sofia.c:93 sofia/external/7750@<my
IP> SOFIA INIT

2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:40
sofia/external/7750@<my IP> Standard INIT

2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:48
(sofia/external/7750@<my IP>) State Change CS_INIT -> CS_ROUTING

2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:628
(sofia/external/7750@<my IP>) State INIT going to sleep

2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:585
(sofia/external/7750@<my IP>) Running State Change CS_ROUTING (Cur 1 Tot
7822)

2021-03-16 15:52:02.267501 [DEBUG] switch_channel.c:2332
(sofia/external/7750@<my IP>) Callstate Change DOWN -> RINGING

2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:644
(sofia/external/7750@<my IP>) State ROUTING

2021-03-16 15:52:02.267501 [DEBUG] mod_sofia.c:154 sofia/external/7750@<my
IP> SOFIA ROUTING

2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:236
sofia/external/7750@<my IP> Standard ROUTING

2021-03-16 15:52:02.267501 [INFO] mod_dialplan_xml.c:637 Processing 7750
<7750>->900442037697855 in context public


I thought fail2ban was designed for stuff like this, but I don't see any
auth attempts here (I set "log-auth-failures" to "true"). These are coming
in a bit faster than 1 per second. It appears they are dialing random
extensions. How can I make them stop?

-- 
Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20210316/bb6d85c6/attachment.html>

More information about the FreeSWITCH-users mailing list