<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Wouldnt be possible to have some IDS countermeasure and attack mitigation directly build in FS?</div><div>For example Snort have more than 100 signatures for SIP attacks, but Snort is resource intensive and also cant inspect encrypted traffic.</div><div><br></div><div>Thank you<br><br><div>S pozdravem / Best regards,</div><div>Martin Čmelík</div><div><br></div>Sent from <span style="background-color: rgba(255, 255, 255, 0);"></span></div><div><br>On 14. 10. 2013, at 18:59, Steven Ayre <<a href="mailto:steveayre@gmail.com">steveayre@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Remember unless it gets blocked upstream the packet will still hit your firewall/server. Not FreeSWITCH sure, but it'll still consume some resources to receive, identify and block it. The scanner does not care that you're not responding, it'll continue to send anyway.</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On 14 October 2013 15:57, Mimiko <span dir="ltr"><<a href="mailto:vbvbrj@gmail.com" target="_blank">vbvbrj@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On 14.10.2013 17:54, Ken Rice wrote:<br>
> This is sipvicious, its a brute force scanner... See<br>
> <a href="http://wiki.freeswitch.org/wiki/Fail2ban" target="_blank">http://wiki.freeswitch.org/wiki/Fail2ban</a> on how to setup Fail2ban with<br>
> FreeSWITCH to defeat this attack<br>
<br>
</div>Ken thank you. I am planning to set up Fail2ban. But for now need to<br>
drop any packet from offending IP.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Mimiko desu.<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br></div>
</div></blockquote><blockquote type="cite"><div><span>_________________________________________________________________________</span><br><span>Professional FreeSWITCH Consulting Services:</span><br><span><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a></span><br><span><a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a></span><br><span></span><br><span>FreeSWITCH-powered IP PBX: The CudaTel Communication Server</span><br><span><a href="http://www.cudatel.com">http://www.cudatel.com</a></span><br><span></span><br><span>Official FreeSWITCH Sites</span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br><span><a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a></span><br><span><a href="http://www.cluecon.com">http://www.cluecon.com</a></span><br><span></span><br><span>FreeSWITCH-users mailing list</span><br><span><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a></span><br><span><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br><span>UNSUBSCRIBE:http://<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br></div></blockquote></body></html>