<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=DE-CH link=blue vlink=purple>
<div class=WordSection1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hi,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>wouldn’t it be a good task for freeswitch, to detect register
spoofing and call a “hook” (maybe a script) which than could close the firewall?
Or that freeswitch will just ignore any request from the given IP for a a
certain time. <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I tried to find a good application/script to prevent register
spoofing but the only thing was the fail2ban script. Couldn’t freeswitch just
speak directly with the firewall and drop these requests </span><span
lang=EN-US style='font-size:11.0pt;font-family:Wingdings;color:#1F497D'>J</span><span
lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> ?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Best regards,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Bernhard<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=DE style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Von:</span></b><span
lang=DE style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
freeswitch-users-bounces@lists.freeswitch.org
[mailto:freeswitch-users-bounces@lists.freeswitch.org] <b>Im Auftrag von </b>Kristian
Kielhofner<br>
<b>Gesendet:</b> Dienstag, 10. August 2010 02:05<br>
<b>An:</b> freeswitch-users@lists.freeswitch.org<br>
<b>Betreff:</b> Re: [Freeswitch-users] we are under attack<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:navy'>Oh yeah, that was it :). I leave default to accept and add my own
drop everything at the end.<br>
<br>
<br>
-- <br>
Kristian Kielhofner <br>
<a href="http://blog.krisk.org">http://blog.krisk.org</a></span><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<div class=MsoNormal align=center style='text-align:center'>
<hr size=2 width="100%" align=center>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>: <a
href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a>
<<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a>>
<br>
<b>To</b>: FreeSWITCH Users Help <<a
href="mailto:freeswitch-users@lists.freeswitch.org">freeswitch-users@lists.freeswitch.org</a>>
<br>
<b>Sent</b>: Mon Aug 09 19:55:53 2010<br>
<b>Subject</b>: Re: [Freeswitch-users] we are under attack </span><o:p></o:p></p>
</div>
<p class=MsoNormal>with your permission ill probably copy the script to the FS
wiki, and attribute it with links to the other locations.<o:p></o:p></p>
<div>
<p class=MsoNormal>( that way we dont rely on a 3rd party site to stay up )<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>as for the issue with STOP...<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>.. i removes all rules :)<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>and if you have the default set to drop all incoming, then
.. well your stuffed..<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>STOP should just back out the rules that the script added,
not remove everything <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>J<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal>On Tue, Aug 10, 2010 at 12:23 AM, Kristian Kielhofner <<a
href="mailto:kris@kriskinc.com">kris@kriskinc.com</a>> wrote:<o:p></o:p></p>
<p class=MsoNormal> The current version of the script and a little
background can be found here:<br>
<br>
<a href="http://blog.krisk.org/2008/07/sip-dosddos-mitigation.html"
target="_blank">http://blog.krisk.org/2008/07/sip-dosddos-mitigation.html</a><br>
<br>
I have no problem linking the FS wiki to either of these but the<br>
eTel wiki will probably get taken down eventually.<br>
<br>
As far as the issue with the stop command... I remember us talking<br>
about it but I don't remember the specific problem. Care to refresh<br>
my memory?<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</body>
</html>