If you are not sure how to secure a box like this down - I sure hope for your sake that your telephony provider has some good anti-fraud measures in place or you have deep pockets and don't mind sending great wads of cash off to your provider(s).<div>
<br></div><div>You might want to spend a good amount of time coming up to speed with best practice security for boxes which do SIP and are connected to the public Internet.</div><div><br></div><div>Brent<br><br><div class="gmail_quote">
On Mon, Jan 31, 2011 at 1:54 AM, Joao Leme <span dir="ltr"><<a href="mailto:joaocarlosleme@gmail.com">joaocarlosleme@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I figured. Same for Fail2Ban I guess. Any suggestions for Windows?<br><br>Also I was wondering why it never happened on my 1.0.4 (14460) version (precompiled version)? I had it running for a month 24hrs and had never seen this before. And after starting the Git Head (below) from Yesterday it happened in seconds all 3 times I restarted (restarted the computer to be sure). Maybe something wrong with the current version? To be safe I went back to my stable 1.0.4 version and haven't had any problems.<br>
<br>49a5effcdf2cea9e0ddcf146cf3fe85d1872e654<br>mod_callcenter: Add error response for queue load and queue reload (FS-2988) <br>Marc Olivier Chouinard<br> 2011-01-29 00:09:06<div><div></div><div class="h5"><br><br><div class="gmail_quote">
On Sun, Jan 30, 2011 at 2:10 AM, Peter Olsson <span dir="ltr"><<a href="mailto:peter.olsson@visionutveckling.se" target="_blank">peter.olsson@visionutveckling.se</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">iptables is a Linux command.<br>
<br>
/Peter<br>
<br>
<br>
----- Reply message -----<br>
Från: "Joao Leme" <<a href="mailto:joaocarlosleme@gmail.com" target="_blank">joaocarlosleme@gmail.com</a>><br>
Datum: sön, jan 30, 2011 13:56<br>
Rubrik: [SPAM] - Re: [Freeswitch-users] Hacker Attack?<br>
Till: "FreeSWITCH Users Help" <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br>
<div><br>
I tried "iptables -I INPUT -s [212.224.71.236] -j DROP" and got " Unknown command: iptables...". Do I must install fail2ban to issue iptables command? I'm on windows 7.<br>
Thanks<br>
<br>
</div><div>On Sat, Jan 29, 2011 at 4:26 PM, curriegrad2004 <<a href="mailto:curriegrad2004@gmail.com" target="_blank">curriegrad2004@gmail.com</a><mailto:<a href="mailto:curriegrad2004@gmail.com" target="_blank">curriegrad2004@gmail.com</a>>> wrote:<br>
iptables -I INPUT -s [hackerip] -j DROP<br>
<br>
A better solution is searching the wiki for fail2ban with FreeSwitch.<br>
<br>
</div><div>On Sat, Jan 29, 2011 at 4:20 PM, Joao Leme <<a href="mailto:joaocarlosleme@gmail.com" target="_blank">joaocarlosleme@gmail.com</a><mailto:<a href="mailto:joaocarlosleme@gmail.com" target="_blank">joaocarlosleme@gmail.com</a>>> wrote:<br>
> How do I do that?<br>
> Thanks!<br>
</div>> On Sat, Jan 29, 2011 at 4:12 PM, curriegrad2004 <<a href="mailto:curriegrad2004@gmail.com" target="_blank">curriegrad2004@gmail.com</a><mailto:<a href="mailto:curriegrad2004@gmail.com" target="_blank">curriegrad2004@gmail.com</a>>><br>
<div>> wrote:<br>
>><br>
>> Try using iptables and block all incoming traffic from this specific host?<br>
>><br>
</div>>> On Sat, Jan 29, 2011 at 3:39 PM, Joao Leme <<a href="mailto:joaocarlosleme@gmail.com" target="_blank">joaocarlosleme@gmail.com</a><mailto:<a href="mailto:joaocarlosleme@gmail.com" target="_blank">joaocarlosleme@gmail.com</a>>><br>
<div><div></div><div>>> wrote:<br>
>> > I just downloaded and compiled the latest Git and a little after<br>
>> > starting<br>
>> > freeswitch I'm getting non stop the following:<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
>> > profile<br>
>> > ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
>> > it's non-stop and doesn't let me do nothing else. After the first time I<br>
>> > went on to vars and changed the 1234 password....restarted and same<br>
>> > thing<br>
>> > happened, I also try denying the ip on acl.conf (not sure if has<br>
>> > something<br>
>> > to do with it but gave it a try):<br>
>> ><br>
>> > <configuration name="acl.conf" description="Network Lists"><br>
>> > <network-lists><br>
>> > <list name="test2" default="allow"><br>
>> > <node type="deny" host="212.224.71.236"<br>
>> > mask="255.255.255.0"/><br>
>> > </list><br>
>> > </network-lists><br>
>> > </configuration><br>
>> ><br>
>> > Restarted the computer but nothing, he (thomas I guess) was back on my<br>
>> > console.<br>
>> ><br>
>> > Any ideas??? p.s. My computer is on DMZ (I know DMZ is not ideal but is<br>
>> > the<br>
>> > only way I got to be able to connect to the internal profile from out of<br>
>> > the<br>
>> > office etc).<br>
>> > _______________________________________________<br>
>> > FreeSWITCH-users mailing list<br>
</div></div>>> > <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>><br>
<div>>> > <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>> > UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>> > <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>> ><br>
>> ><br>
>><br>
>> _______________________________________________<br>
>> FreeSWITCH-users mailing list<br>
</div>>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>><br>
<div>>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
><br>
><br>
> _______________________________________________<br>
> FreeSWITCH-users mailing list<br>
</div>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>><br>
<div>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
><br>
><br>
<br>
_______________________________________________<br>
FreeSWITCH-users mailing list<br>
</div><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>><br>
<div><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
</div>!DSPAM:4d450b3232767678720833!<br>
<div><div></div><div><br>
_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br>
</div></div><br>_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>--<br>Brent Paddon<br><br>Director | Over the Wire Pty Ltd <a href="mailto:brent.paddon@overthewire.com.au">brent.paddon@overthewire.com.au</a> | <a href="http://www.overthewire.com.au">www.overthewire.com.au</a><br>
Phone: 07 3847 9292 | Fax: 07 3847 9696 | Mobile: 0400 2400 54<br>
</div>