<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18939">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2>fail2ban on wiki</FONT></DIV>
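<DIV>Added example (not part of the original messages, and not fail2ban's or FreeSWITCH's own code): the counting a fail2ban-style jail performs on the REGISTER warnings quoted in this thread, written in Python. The log-file timestamp prefix, the thresholds, the helper names and all sample addresses are assumptions.</DIV>
<PRE>
```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message text as quoted in the thread; the leading timestamp is an assumed
# log-file prefix (the console output in the thread shows none).
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\S* \[WARNING\] sofia_reg\.c:\d+ "
    r"SIP auth (challenge|failure) \(REGISTER\) on sofia profile "
    r"\S+ for \[([^@\]]*)@[^\]]*\] from ip (\S+)\s*$")

def find_offenders(lines, max_retry=5, find_time=timedelta(seconds=60)):
    """Map each source IP that logged max_retry or more REGISTER challenges or
    failures within find_time to the sorted usernames it tried."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    users = defaultdict(set)     # ip -> usernames seen
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:  # log content is untrusted: accept only a real IP address
            ip = str(ipaddress.ip_address(m.group(4)))
        except ValueError:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()
        users[ip].add(m.group(3))
        # Digest auth challenges every legitimate REGISTER once: count bursts.
        if len(window) >= max_retry:
            offenders[ip] = sorted(users[ip])
    return offenders

def drop_rules(offenders):
    """Render iptables commands for operator review; nothing is executed."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]

def sample_line(clock, user, ip):
    return (f"2011-01-29 {clock}.000000 [WARNING] sofia_reg.c:1247 SIP auth "
            f"challenge (REGISTER) on sofia profile 'internal' "
            f"for [{user}@192.0.2.10] from ip {ip}")

# Constructed sample: one noisy source and one ordinary phone, all addresses
# taken from the documentation ranges.
SAMPLE = [sample_line(f"15:39:0{i}", ("140", "thomas")[i % 2], "203.0.113.50")
          for i in range(6)]
SAMPLE += [sample_line("15:39:02", "1001", "198.51.100.7"),
           sample_line("16:39:02", "1001", "198.51.100.7")]
```
</PRE>
<DIV>Calling drop_rules(find_offenders(SAMPLE)) yields a single rule for the noisy source; the phone that re-registers an hour later stays below the threshold.</DIV>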
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt arial; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=joaocarlosleme@gmail.com href="mailto:joaocarlosleme@gmail.com">Joao
Leme</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=freeswitch-users@lists.freeswitch.org
href="mailto:freeswitch-users@lists.freeswitch.org">FreeSWITCH Users Help</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Saturday, January 29, 2011 7:20
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Freeswitch-users] Hacker
Attack?</DIV>
<DIV><BR></DIV>How do I do that?
<DIV>Thanks!</DIV>
<DIV><BR>
<DIV class=gmail_quote>On Sat, Jan 29, 2011 at 4:12 PM, curriegrad2004 <SPAN
dir=ltr><<A
href="mailto:curriegrad2004@gmail.com">curriegrad2004@gmail.com</A>></SPAN>
wrote:<BR>
<BLOCKQUOTE
style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>Try using iptables and block all incoming traffic from
this specific host?<BR>
<DIV>
<DIV></DIV>
<DIV class=h5><BR>On Sat, Jan 29, 2011 at 3:39 PM, Joao Leme <<A
href="mailto:joaocarlosleme@gmail.com">joaocarlosleme@gmail.com</A>>
wrote:<BR>> I just downloaded and compiled the latest Git and a little
after starting<BR>> freeswitch I'm getting non stop the
following:<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER)
on sofia profile<BR>> ‘internal’ for [140@76.XXX.XX.XXX] from ip
212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [140@76.XXX.XX.XXX] from
ip 212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [thomas@76.XXX.XX.XXX]
from ip 212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [thomas@76.XXX.XX.XXX]
from ip 212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [140@76.XXX.XX.XXX] from
ip 212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [140@76.XXX.XX.XXX] from
ip 212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [thomas@76.XXX.XX.XXX]
from ip 212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [thomas@76.XXX.XX.XXX]
from ip 212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [140@76.XXX.XX.XXX] from
ip 212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [140@76.XXX.XX.XXX] from
ip 212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [thomas@76.XXX.XX.XXX]
from ip 212.224.71.236<BR>> [WARNING] sofia_reg.c:1247 SIP auth challenge
(REGISTER) on sofia profile<BR>> ‘internal’ for [thomas@76.XXX.XX.XXX]
from ip 212.224.71.236<BR>> it's non-stop and doesn't let me do anything
else. After the first time I<BR>> went on to vars and changed the 1234
password....restarted and same thing<BR>> happened, I also tried denying
the ip on acl.conf (not sure if it has something<BR>> to do with it but gave
it a try):<BR>><BR>> &lt;configuration name="acl.conf"
description="Network Lists"&gt;<BR>>
&lt;network-lists&gt;<BR>> &lt;list
name="test2" default="allow"&gt;<BR>>
&lt;node type="deny" host="212.224.71.236"
mask="255.255.255.0"/&gt;<BR>>
&lt;/list&gt;<BR>>
&lt;/network-lists&gt;<BR>>
&lt;/configuration&gt;<BR>><BR>> Restarted the computer but nothing,
he (thomas I guess) was back on my<BR>> console.<BR>><BR>> Any
ideas??? p.s. My computer is on DMZ (I know DMZ is not ideal but it is
the<BR>> only way I got to be able to connect to the internal profile
from out of the<BR>> office etc).<BR></DIV></DIV>>
_______________________________________________<BR>> FreeSWITCH-users
mailing list<BR>> <A
href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</A><BR>>
<A href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
target=_blank>http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</A><BR>>
UNSUBSCRIBE:<A
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
target=_blank>http://lists.freeswitch.org/mailman/options/freeswitch-users</A><BR>>
<A href="http://www.freeswitch.org"
target=_blank>http://www.freeswitch.org</A><BR></BLOCKQUOTE></DIV><BR></DIV>
<P>
<HR>
<P></P></BLOCKQUOTE></BODY></HTML>