<HTML>
<HEAD>
<TITLE>Re: [Freeswitch-users] Fake ANI attack or issue.</TITLE>
</HEAD>
<BODY>
<FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>This is probably a sipvicious or similar scan looking for open sip servers to terminate illicit traffic... There are numerous posts in the list archives on this subject (and the list archives are heavily indexed by google). Check out fail2ban and related wiki articles also...<BR>
<BR>
Another way to limit this traffic is if you know all the netblocks only allow sip traffic from those in IP Tables... Or filter those via the various FS mechanisms...<BR>
<BR>
K<BR>
<BR>
<BR>
On 12/9/13 6:39 PM, "<a href="stephen@picardogroup.com">stephen@picardogroup.com</a>" <<a href="stephen@picardogroup.com">stephen@picardogroup.com</a>> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT SIZE="2"><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>Have an existing FS app using 800 inbound with SIP carrier. No IP address is sent.<BR>
<BR>
Below is example of good call with proper ANI and DNIS sent from our carrier. (Modified to protect info.)<BR>
<BR>
12:27:43 lsvc:Inbound call from ANI xxxxxxxxxx to DNIS 800xxxxxxx<BR>
12:27:44 (121094) lsvc:SERVER_TYPE is: 0<BR>
12:27:44 (121093) lsvc:Staff 2 logged in<BR>
12:27:47 (121094) lsvc:Caller is entering his phone number<BR>
12:27:48 (121093) lsvc:disconnected reason was NONE<BR>
12:27:48 (121093) lsvc:lsvc_in: completed call successfully<BR>
12:27:52 (121094) lsvc:The caller typed in a home phone number of xxxxxxxxxx<BR>
<BR>
Below is example of hits we are taking that are not being sent from our carrier (I assume direct hits to router)<BR>
<BR>
10:00:12 lsvc:Inbound call from ANI 100 to DNIS 001448703928456<BR>
10:00:13 (121218) lsvc:SERVER_TYPE is: 0<BR>
10:00:45 (121218) lsvc:disconnected reason was NONE<BR>
10:00:45 (121218) lsvc:Caller is entering his phone number<BR>
<BR>
My question is there a way for me to prevent the fake ANI's from connecting? <BR>
<BR>
<BR>
<BR>
</SPAN></FONT></FONT><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'><BR>
<HR ALIGN=CENTER SIZE="3" WIDTH="95%"></SPAN></FONT><FONT SIZE="2"><FONT FACE="Consolas, Courier New, Courier"><SPAN STYLE='font-size:10pt'>_________________________________________________________________________<BR>
Professional FreeSWITCH Consulting Services:<BR>
<a href="consulting@freeswitch.org">consulting@freeswitch.org</a><BR>
<a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><BR>
<BR>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<BR>
<a href="http://www.cudatel.com">http://www.cudatel.com</a><BR>
<BR>
Official FreeSWITCH Sites<BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
<a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><BR>
<a href="http://www.cluecon.com">http://www.cluecon.com</a><BR>
<BR>
FreeSWITCH-users mailing list<BR>
<a href="FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><BR>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><BR>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><BR>
<a href="http://www.freeswitch.org">http://www.freeswitch.org</a><BR>
</SPAN></FONT></FONT></BLOCKQUOTE><FONT SIZE="2"><FONT FACE="Consolas, Courier New, Courier"><SPAN STYLE='font-size:10pt'><BR>
</SPAN></FONT></FONT><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:11pt'>-- <BR>
Ken<BR>
<a href="http://www.FreeSWITCH.org">http://www.FreeSWITCH.org</a><BR>
<a href="http://www.ClueCon.com">http://www.ClueCon.com</a><BR>
<a href="http://www.OSTAG.org">http://www.OSTAG.org</a><BR>
G+ ClueCon : <a href="http://fs0.us/cluecon-gplus">http://fs0.us/cluecon-gplus</a><BR>
FB ClueCon : <a href="http://fs0.us/cluecon-fb">http://fs0.us/cluecon-fb</a><BR>
G+ FreeSwitch : <a href="http://fs0.us/freeswitch-gplus">http://fs0.us/freeswitch-gplus</a><BR>
FB FreeSWITCH : <a href="http://fs0.us/freeswitch-fb">http://fs0.us/freeswitch-fb</a> <BR>
Twitter : @FreeSWITCH_WIRE<BR>
irc.freenode.net #freeswitch<BR>
</SPAN></FONT>
</BODY>
</HTML>