Also, don't forget that the author of SIPVicious came and spoke to us about his project. He mentioned that most friendly scanners are using an older version of SIPVicious that susceptible to a "retaliatory attack" that will bring the script to a screeching halt.<br>
<br><a href="http://wiki.freeswitch.org/wiki/Weekly_Conference_Call">http://wiki.freeswitch.org/wiki/Weekly_Conference_Call</a> (get recording from 2011-04-13)<br><br>-MC<br><br><div class="gmail_quote">On Tue, Feb 14, 2012 at 9:05 AM, Avi Marcus <span dir="ltr"><<a href="mailto:avi@avimarcus.net">avi@avimarcus.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I saw some comments about friendly-scanner that putting a REJECT in iptables or responding with a SIP 200 OK caused the scanner to stop nearly immediately. Might be worth looking into..<div>
<br clear="all"><div dir="ltr">
<span style="font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:small">-Avi</span></span></div>
<br><br><div class="gmail_quote"><div><div class="h5">On Tue, Feb 14, 2012 at 6:40 PM, Michael Giagnocavo <span dir="ltr"><<a href="mailto:mgg@giagnocavo.net" target="_blank">mgg@giagnocavo.net</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal"><a name="1357cd4d4fa01728_1357cbef01bfa6b7__MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">ACL’ing like folks have suggested should help. But the problem is these attacks don’t always stop just because you’ve stopped responding. I’ve seen multi-day sustained scans at 30Mbps, </span></a><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">but I’m sure they go much higher.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">As folks have suggested, run SIP on another port to avoid detection, and only open your firewall on 5060 for absolute necessities.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I was under the impression that Canadian bandwidth limits were more for DSL and the like. If you get a colo’d machine or something, you should not have problems with caps, right?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">-Michael<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a> [mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>] <b>On Behalf Of </b>Philippe Le Toquin<br>
<b>Sent:</b> Tuesday, February 07, 2012 7:42 AM<br><b>To:</b> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br><b>Subject:</b> [Freeswitch-users] needs some advice to secure my system<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Hello,<br><br>Sorry to ask like that but could someone points me to some site that explains exactly what I need to open towards the internet so that<br>my FS server is working while limiting its visibility?<br>
<br>since 1st of February I have an IP that continually sends me SIP Register request at a rate of 70KB/s. I have complained to my internet<br>provider but they refuse to help saying that the problem is on my side. I also logged a complain to the provider on that IP and am waiting on that.<br>
<br>At the moment on my firewall I opened port 5060 and 5080 (well now I blocked as well that IP) but I want to know if both are really needed or if I could block one of them<br> or may be limit the port to some IP. <br>
<br>
Any help/links will be gladly received <br><br>thanks<br><br>/Philippe<u></u><u></u></p></div></div><br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br>