<p>This happens all the time. You need fail2ban set up properly. There are articles on both the freeswitch and fusionpbx wikis. I run a public server and I get people doing scans all the time. Does it worry me? No. Of course not. That's what fail2ban and other measures are for. Don't need to get all tinfoil hat about this.</p>
<div class="gmail_quote">On Mar 11, 2012 7:09 PM, "Bzzz" <<a href="mailto:lazyvirus@gmx.com">lazyvirus@gmx.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
I just setup an FS svr w/ fusionpbx (only ext.+users created), and I<br>
found THAT in the FS log:<br>
<br>
2012-03-11 16:51:30.795812 [DEBUG] sofia.c:7567 IP 72.55.156.56 Rejected by acl "domains". Falling back to Digest auth.<br>
2012-03-11 16:51:30.795812 [WARNING] sofia_reg.c:1422 SIP auth challenge (INVITE) on sofia profile 'internal' for [<a href="mailto:88775950945170@86.68.18.226">88775950945170@86.68.18.226</a>] from ip 72.55.156.56<br>
2012-03-11 16:51:31.115813 [DEBUG] sofia.c:7567 IP 72.55.156.56 Rejected by acl "domains". Falling back to Digest auth.<br>
2012-03-11 16:51:31.115813 [WARNING] sofia_reg.c:1422 SIP auth challenge (INVITE) on sofia profile 'internal' for [<a href="mailto:011441212790583@86.68.18.226">011441212790583@86.68.18.226</a>] from ip 72.55.156.56<br>
2012-03-11 16:51:31.985813 [DEBUG] sofia.c:7567 IP 72.55.156.56 Rejected by acl "domains". Falling back to Digest auth.<br>
2012-03-11 16:51:31.985813 [WARNING] sofia_reg.c:1422 SIP auth challenge (INVITE) on sofia profile 'internal' for [<a href="mailto:00441212790587@86.68.18.226">00441212790587@86.68.18.226</a>] from ip 72.55.156.56<br>
2012-03-11 16:51:33.015828 [DEBUG] sofia.c:7567 IP 72.55.156.56 Rejected by acl "domains". Falling back to Digest auth.<br>
2012-03-11 16:51:33.015828 [WARNING] sofia_reg.c:1422 SIP auth challenge (INVITE) on sofia profile 'internal' for [<a href="mailto:000441212790581@86.68.18.226">000441212790581@86.68.18.226</a>] from ip 72.55.156.56<br>
<br>
How can this freak reach my svr as I'm in my LAN and my modem box<br>
integrates a firewall.<br>
<br>
Oook (but not): just checked my box and found that there are 4<br>
uPNP new rules:<br>
0 UDP 5060 192.168.1.25 5060<br>
1 TCP 5060 192.168.1.25 5060<br>
2 UDP 5080 192.168.1.25 5080<br>
3 TCP 5080 192.168.1.25 5080<br>
<br>
I understand FS is opening these ports to be reached by external<br>
subscribers, but where can I stop it to do so until I made my<br>
internal tests, change these ports and limited VoIP to TLS only?<br>
<br>
JY<br>
--<br>
masturbation, n.:<br>
Coming unscrewed.<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div>