<HTML>
<HEAD>
<TITLE>Re: [Freeswitch-users] What kind of attack is this?</TITLE>
</HEAD>
<BODY>
<FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>There are counter attacks for sipvicious, the author has intentionally left ways to counter strike... This is something that fail2ban and others are out there for... Building them into freeswitch itself would create even more overhead and probably couldn&#8217;t do as good of a job as a purpose build IDS<BR>
<BR>
<BR>
On 10/14/13 12:21 PM, &quot;Martin Cmelik&quot; &lt;<a href="martin.cmelik@gmail.com">martin.cmelik@gmail.com</a>&gt; wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>Wouldnt be possible to have some IDS countermeasure and attack mitigation directly build in FS?<BR>
For example Snort have more than 100 signatures for SIP attacks, but Snort is resource intensive and also cant inspect encrypted traffic.<BR>
<BR>
Thank you<BR>
<BR>
S pozdravem / Best regards,<BR>
Martin Čmel&iacute;k<BR>
<BR>
Sent from &#63743;<BR>
<BR>
On 14. 10. 2013, at 18:59, Steven Ayre &lt;<a href="steveayre@gmail.com">steveayre@gmail.com</a>&gt; wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>Remember unless it gets blocked upstream the packet will still hit your firewall/server. Not FreeSWITCH sure, but it'll still consume some resources to receive, identify and block it. The scanner does not care that you're not responding, it'll continue to send anyway.<BR>
<BR>
<BR>
On 14 October 2013 15:57, Mimiko &lt;<a href="vbvbrj@gmail.com">vbvbrj@gmail.com</a>&gt; wrote:<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>On 14.10.2013 17:54, Ken Rice wrote:<BR>
&gt; This is sipvicious, its a brute force scanner... See<BR>
&gt; <a href="http://wiki.freeswitch.org/wiki/Fail2ban">http://wiki.freeswitch.org/wiki/Fail2ban</a> &nbsp;on how to setup Fail2ban with<BR>
&gt; FreeSWITCH to defeat this attack<BR>
<BR>
Ken thank you. I am planning to set up Fail2ban. But for now need to<BR>
drop any packet from offending IP.<BR>
<FONT COLOR="#888888"><BR>
--<BR>
Mimiko desu.<BR>
</FONT><BR>
_________________________________________________________________________<BR>
Professional FreeSWITCH Consulting Services:<BR>
<a href="consulting@freeswitch.org">consulting@freeswitch.org</a><BR>
<a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><BR>
<BR>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<BR>
<a href="http://www.cudatel.com">http://www.cudatel.com</a><BR>
<BR>
Official FreeSWITCH Sites<BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
<a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><BR>
<a href="http://www.cluecon.com">http://www.cluecon.com</a><BR>
<BR>
FreeSWITCH-users mailing list<BR>
<a href="FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><BR>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><BR>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'><BR>
_________________________________________________________________________<BR>
Professional FreeSWITCH Consulting Services:<BR>
<a href="consulting@freeswitch.org">consulting@freeswitch.org</a><BR>
<a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><BR>
<BR>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<BR>
<a href="http://www.cudatel.com">http://www.cudatel.com</a><BR>
<BR>
Official FreeSWITCH Sites<BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
<a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><BR>
<a href="http://www.cluecon.com">http://www.cluecon.com</a><BR>
<BR>
FreeSWITCH-users mailing list<BR>
<a href="FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><BR>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><BR>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a> &lt;<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>&gt; <BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'><BR>
<HR ALIGN=CENTER SIZE="3" WIDTH="95%"></SPAN></FONT><FONT SIZE="2"><FONT FACE="Consolas, Courier New, Courier"><SPAN STYLE='font-size:10pt'>_________________________________________________________________________<BR>
Professional FreeSWITCH Consulting Services:<BR>
<a href="consulting@freeswitch.org">consulting@freeswitch.org</a><BR>
<a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><BR>
<BR>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<BR>
<a href="http://www.cudatel.com">http://www.cudatel.com</a><BR>
<BR>
Official FreeSWITCH Sites<BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
<a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><BR>
<a href="http://www.cluecon.com">http://www.cluecon.com</a><BR>
<BR>
FreeSWITCH-users mailing list<BR>
<a href="FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><BR>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><BR>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
</SPAN></FONT></FONT></BLOCKQUOTE><FONT SIZE="2"><FONT FACE="Consolas, Courier New, Courier"><SPAN STYLE='font-size:10pt'><BR>
</SPAN></FONT></FONT><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>-- <BR>
Ken<BR>
<FONT COLOR="#0000FF"><U><a href="http://www.FreeSWITCH.org">http://www.FreeSWITCH.org</a><BR>
<a href="http://www.ClueCon.com">http://www.ClueCon.com</a><BR>
<a href="http://www.OSTAG.org">http://www.OSTAG.org</a><BR>
</U></FONT>irc.freenode.net #freeswitch<BR>
</SPAN></FONT>
</BODY>
</HTML>