If you are not sure how to secure a box like this down - I sure hope for your sake that your telephony provider has some good anti-fraud measures in place or you have deep pockets and don&#39;t mind sending great wads of cash off to your provider(s).<div>

<br></div><div>You might want to spend a good amount of time coming up to speed with best practice security for boxes which do SIP and are connected to the public Internet.</div><div><br></div><div>Brent<br><br><div class="gmail_quote">

On Mon, Jan 31, 2011 at 1:54 AM, Joao Leme <span dir="ltr">&lt;<a href="mailto:joaocarlosleme@gmail.com">joaocarlosleme@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">

I figured. Same for Fail2Ban I guess. Any suggestions for Windows?<br><br>Also I was wondering why it never happened on my 1.0.4 (14460) version (precompiled version)? I had it running for a month 24hrs and had never seen this before. And after starting the Git Head (below) from Yesterday it happened in seconds all 3 times I restarted (restarted the computer to be sure). Maybe something wrong with the current version? To be safe I went back to my stable 1.0.4 version and haven&#39;t had any problems.<br>


<br>49a5effcdf2cea9e0ddcf146cf3fe85d1872e654<br>mod_callcenter: Add error response for queue load and queue reload (FS-2988) <br>Marc Olivier Chouinard<br> 2011-01-29 00:09:06<div><div></div><div class="h5"><br><br><div class="gmail_quote">

On Sun, Jan 30, 2011 at 2:10 AM, Peter Olsson <span dir="ltr">&lt;<a href="mailto:peter.olsson@visionutveckling.se" target="_blank">peter.olsson@visionutveckling.se</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">iptables is a Linux command.<br>
<br>
/Peter<br>
<br>
<br>
----- Reply message -----<br>
Från: &quot;Joao Leme&quot; &lt;<a href="mailto:joaocarlosleme@gmail.com" target="_blank">joaocarlosleme@gmail.com</a>&gt;<br>
Datum: sön, jan 30, 2011 13:56<br>
Rubrik: [SPAM] - Re: [Freeswitch-users] Hacker Attack?<br>
Till: &quot;FreeSWITCH Users Help&quot; &lt;<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>&gt;<br>
<div><br>
I tried &quot;iptables -I INPUT -s [212.224.71.236] -j DROP&quot; and got &quot; Unknown command: iptables...&quot;. Do I must install fail2ban to issue iptables command? I&#39;m on windows 7.<br>
Thanks<br>
<br>
</div><div>On Sat, Jan 29, 2011 at 4:26 PM, curriegrad2004 &lt;<a href="mailto:curriegrad2004@gmail.com" target="_blank">curriegrad2004@gmail.com</a>&lt;mailto:<a href="mailto:curriegrad2004@gmail.com" target="_blank">curriegrad2004@gmail.com</a>&gt;&gt; wrote:<br>



iptables -I INPUT -s [hackerip] -j DROP<br>
<br>
A better solution is searching the wiki for fail2ban with FreeSwitch.<br>
<br>
</div><div>On Sat, Jan 29, 2011 at 4:20 PM, Joao Leme &lt;<a href="mailto:joaocarlosleme@gmail.com" target="_blank">joaocarlosleme@gmail.com</a>&lt;mailto:<a href="mailto:joaocarlosleme@gmail.com" target="_blank">joaocarlosleme@gmail.com</a>&gt;&gt; wrote:<br>



&gt; How do I do that?<br>
&gt; Thanks!<br>
</div>&gt; On Sat, Jan 29, 2011 at 4:12 PM, curriegrad2004 &lt;<a href="mailto:curriegrad2004@gmail.com" target="_blank">curriegrad2004@gmail.com</a>&lt;mailto:<a href="mailto:curriegrad2004@gmail.com" target="_blank">curriegrad2004@gmail.com</a>&gt;&gt;<br>



<div>&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt; Try using iptables and block all incoming traffic from this specific host?<br>
&gt;&gt;<br>
</div>&gt;&gt; On Sat, Jan 29, 2011 at 3:39 PM, Joao Leme &lt;<a href="mailto:joaocarlosleme@gmail.com" target="_blank">joaocarlosleme@gmail.com</a>&lt;mailto:<a href="mailto:joaocarlosleme@gmail.com" target="_blank">joaocarlosleme@gmail.com</a>&gt;&gt;<br>



<div><div></div><div>&gt;&gt; wrote:<br>
&gt;&gt; &gt; I just downloaded and compiled the latest Git and a little after<br>
&gt;&gt; &gt; starting<br>
&gt;&gt; &gt; freeswitch I&#39;m getting non stop the following:<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [140@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; [WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia<br>
&gt;&gt; &gt; profile<br>
&gt;&gt; &gt; ‘internal’ for [thomas@76.XXX.XX.XXX] from ip 212.224.71.236<br>
&gt;&gt; &gt; it&#39;s non-stop and doesn&#39;t let me do nothing else. After the first time I<br>
&gt;&gt; &gt; went on to vars and changed the 1234 password....restarted and same<br>
&gt;&gt; &gt; thing<br>
&gt;&gt; &gt; happened, I also try denying the ip on acl.conf (not sure if has<br>
&gt;&gt; &gt; something<br>
&gt;&gt; &gt; to do with it but gave it a try):<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; &lt;configuration name=&quot;acl.conf&quot; description=&quot;Network Lists&quot;&gt;<br>
&gt;&gt; &gt;         &lt;network-lists&gt;<br>
&gt;&gt; &gt;           &lt;list name=&quot;test2&quot; default=&quot;allow&quot;&gt;<br>
&gt;&gt; &gt;             &lt;node type=&quot;deny&quot; host=&quot;212.224.71.236&quot;<br>
&gt;&gt; &gt; mask=&quot;255.255.255.0&quot;/&gt;<br>
&gt;&gt; &gt;           &lt;/list&gt;<br>
&gt;&gt; &gt;         &lt;/network-lists&gt;<br>
&gt;&gt; &gt;       &lt;/configuration&gt;<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; Restarted the computer but nothing, he (thomas I guess) was back on my<br>
&gt;&gt; &gt; console.<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; Any ideas??? p.s. My computer is on DMZ (I know DMZ is not ideal but is<br>
&gt;&gt; &gt; the<br>
&gt;&gt; &gt; only way I got to be able to connect to the internal profile from out of<br>
&gt;&gt; &gt; the<br>
&gt;&gt; &gt; office etc).<br>
&gt;&gt; &gt; _______________________________________________<br>
&gt;&gt; &gt; FreeSWITCH-users mailing list<br>
</div></div>&gt;&gt; &gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>&lt;mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>&gt;<br>



<div>&gt;&gt; &gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
&gt;&gt; &gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
&gt;&gt; &gt; <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt;<br>
&gt;&gt;<br>
&gt;&gt; _______________________________________________<br>
&gt;&gt; FreeSWITCH-users mailing list<br>
</div>&gt;&gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>&lt;mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>&gt;<br>



<div>&gt;&gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
&gt;&gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
&gt;&gt; <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt;<br>
&gt;<br>
&gt; _______________________________________________<br>
&gt; FreeSWITCH-users mailing list<br>
</div>&gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>&lt;mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>&gt;<br>



<div>&gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
&gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
&gt; <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt;<br>
&gt;<br>
<br>
_______________________________________________<br>
FreeSWITCH-users mailing list<br>
</div><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>&lt;mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>&gt;<br>


<div><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
</div>!DSPAM:4d450b3232767678720833!<br>
<div><div></div><div><br>
_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br>
</div></div><br>_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>--<br>Brent Paddon<br><br>Director | Over the Wire Pty Ltd <a href="mailto:brent.paddon@overthewire.com.au">brent.paddon@overthewire.com.au</a> | <a href="http://www.overthewire.com.au">www.overthewire.com.au</a><br>

Phone: 07 3847 9292 | Fax: 07 3847 9696 | Mobile: 0400 2400 54<br>
</div>