<div dir="ltr">Ken, a pull request has been created: <a href="https://freeswitch.org/stash/projects/FS/repos/freeswitch/pull-requests/159/overview">https://freeswitch.org/stash/projects/FS/repos/freeswitch/pull-requests/159/overview</a><div>Mike rightly said that it is necessary to use the network_addr variable in the caller profile.</div><div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 12, 2015 at 11:46 PM, Ken Rice <span dir="ltr"><<a href="mailto:krice@freeswitch.org" target="_blank">krice@freeswitch.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<font face="Monaco, Courier New"><span style="font-size:11pt">Is there a pull request on that?<span class=""><br>
<br>
<br>
On 3/12/15, 1:27 PM, "Ítalo Rossi" <<a href="http://italorossib@gmail.com" target="_blank">italorossib@gmail.com</a>> wrote:<br>
<br>
</span></span></font><blockquote><span class=""><font face="Monaco, Courier New"><span style="font-size:11pt">I set the JIRA status as Needs Review, hope it gets merged soon.<br>
<br>
On Thu, Mar 12, 2015 at 4:03 PM, Sergey Safarov <<a href="http://s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a>> wrote:<br>
</span></font></span><blockquote><span class=""><font face="Monaco, Courier New"><span style="font-size:11pt">Ítalo, I have not rewritten the patch set to use network_addr in the caller profile, and the patch is not merged to master.<br>
<font color="#888888"><br>
Sergey<br>
</font><br>
On Thu, Mar 12, 2015 at 7:51 PM, Ítalo Rossi <<a href="http://italorossib@gmail.com" target="_blank">italorossib@gmail.com</a>> wrote:<br>
</span></font></span><blockquote><span class=""><font face="Monaco, Courier New"><span style="font-size:11pt"><br>
Version?<br>
<br>
I'm almost sure this is already implemented in master. <br>
<br>
On 12/03/2015 13:43, "Kyle King" <<a href="http://kyle.king@quentustech.com" target="_blank">kyle.king@quentustech.com</a>> wrote:<br>
</span></font></span><blockquote><span class=""><font face="Monaco, Courier New"><span style="font-size:11pt">Have you tried mod_fail2ban? <br>
<br>
On March 12, 2015 12:28:16 PM EDT, Peter Steinbach <<a href="http://lists@telefaks.de" target="_blank">lists@telefaks.de</a>> wrote:<br>
</span></font></span><blockquote><font face="Monaco, Courier New"><span style="font-size:11pt"><span class=""> Hello,<br>
<br>
We receive a number of INVITEs from certain IPs, who want to break into our system and call external premium rate numbers.<br>
Unwanted registers we can block already, but we still have the issue to block specific invites from fraudulent IPs inside the iptables firewall.<br>
<br>
In the Freeswitch log we see:<br>
2015-03-12 16:54:38.381552 [NOTICE] switch_channel.c:1055 New Channel <a href="http://sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> [167bb9ee-c8d0-11e4-9f31-b39e581405c5]<br>
2015-03-12 16:54:38.381552 [DEBUG] switch_core_session.c:1061 Send signal <a href="http://sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> [BREAK]<br>
2015-03-12 16:54:38.381552 [DEBUG] switch_core_session.c:1061 Send signal <a href="http://sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> [BREAK]<br>
2015-03-12 16:54:38.381552 [DEBUG] switch_core_state_machine.c:472 (<a href="http://sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a>) Running State Change CS_NEW<br></span>
2015-03-12 16:54:38.381552 [DEBUG] sofia.c:8841 <a href="http://sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> receiving invite from <a href="http://155.94.64.26:5076" target="_blank">155.94.64.26:5076</a> <<a href="http://155.94.64.26:5076" target="_blank">http://155.94.64.26:5076</a>> version: 1.5.15b git 82f267a 2015-02-16 22:59:55Z 64bit<span class=""><br>
2015-03-12 16:54:38.381552 [DEBUG] sofia.c:9008 IP 15.194.164.26 Rejected by acl "domains". Falling back to Digest auth.<br>
2015-03-12 16:54:38.441582 [DEBUG] switch_core_state_machine.c:491 (<a href="http://sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a>) State NEW<br>
2015-03-12 16:54:38.441582 [DEBUG] switch_core_session.c:1061 Send signal <a href="http://sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> [BREAK]<br>
2015-03-12 16:54:38.441582 [DEBUG] sofia.c:2067 detaching session 167bb9ee-c8d0-11e4-9f31-b39e581405c5<br>
2015-03-12 16:54:48.461568 [WARNING] switch_core_state_machine.c:572 167bb9ee-c8d0-11e4-9f31-b39e581405c5 <a href="http://sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> Abandoned <br>
<br>
The fraudulent IP here is 15.194.164.26 (anonymized of course). The IP 10.11.12.13 is the (anonymized) IP of our server.<br>
<br>
The point here is: 15.194.164.26 is sending an INVITE, Freeswitch then sends "authentication required". Freeswitch then logs this entry with "Abandoned" (see last line above) and that's it. <br>
<br>
So is there any way to make Freeswitch show a log line with the fraudulent IP 15.194.164.26 and some text like "abandoned"?<br>
Example for extending a current log line<br>
2015-03-12 16:54:48.461568 [WARNING] switch_core_state_machine.c:572 167bb9ee-c8d0-11e4-9f31-b39e581405c5 <a href="http://sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> Abandoned for IP 15.194.164.26 <br>
This would enable us to process this entry with fail2ban and block this IP in the Firewall.<br>
<br>
Any other hint is welcome.<br>
<br>
</span></span></font></blockquote></blockquote></blockquote></blockquote></blockquote><span class="HOEnZb"><font color="#888888"><font face="Monaco, Courier New"><span style="font-size:11pt"><br>
-- <br>
Ken<br>
<font color="#0000FF"><u><a href="http://www.FreeSWITCH.org" target="_blank">http://www.FreeSWITCH.org</a><br>
<a href="http://www.ClueCon.com" target="_blank">http://www.ClueCon.com</a><br>
<a href="http://www.OSTAG.org" target="_blank">http://www.OSTAG.org</a><br>
</u></font><a href="http://irc.freenode.net" target="_blank">irc.freenode.net</a> #freeswitch<br>
Twitter: @FreeSWITCH<br>
<br>
</span></font>
</font></span></div>
<br>FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br></blockquote></div><br></div>
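<div>Added example (not part of the thread, and not FreeSWITCH or fail2ban code): until the log line itself carries the address, the "Abandoned for IP" line requested above can be produced by correlating the <code>receiving invite from</code> line with the later <code>Abandoned</code> line through the channel name. The sample log is constructed from the format quoted in the thread, with documentation-range IPs; the function names are hypothetical.</div>

```python
import re
from collections import Counter

# Patterns follow the DEBUG/WARNING lines quoted in the thread.
INVITE_RE = re.compile(
    r"sofia\.c:\d+ (?P<chan>sofia/\S+) receiving invite from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+")
ABANDONED_RE = re.compile(
    r"\[WARNING\] switch_core_state_machine\.c:\d+ "
    r"(?P<uuid>[0-9a-f-]{36}) (?P<chan>sofia/\S+) Abandoned")

# Constructed sample (documentation-range IPs), reduced to the relevant lines.
SAMPLE_LOG = """\
2015-03-12 16:54:38.381552 [DEBUG] sofia.c:8841 sofia/internal/149@10.11.12.13 receiving invite from 203.0.113.7:5076 version: 1.5.15b
2015-03-12 16:54:48.461568 [WARNING] switch_core_state_machine.c:572 167bb9ee-c8d0-11e4-9f31-b39e581405c5 sofia/internal/149@10.11.12.13 Abandoned
2015-03-12 16:55:02.101552 [DEBUG] sofia.c:8841 sofia/internal/150@10.11.12.13 receiving invite from 203.0.113.7:5076 version: 1.5.15b
2015-03-12 16:55:12.181568 [WARNING] switch_core_state_machine.c:572 267bb9ee-c8d0-11e4-9f31-b39e581405c5 sofia/internal/150@10.11.12.13 Abandoned
2015-03-12 16:56:00.001552 [DEBUG] sofia.c:8841 sofia/internal/200@10.11.12.13 receiving invite from 198.51.100.9:5060 version: 1.5.15b
2015-03-12 16:56:10.081568 [WARNING] switch_core_state_machine.c:572 367bb9ee-c8d0-11e4-9f31-b39e581405c5 sofia/internal/200@10.11.12.13 Abandoned
"""

def abandoned_sources(lines):
    """Yield (timestamp, ip, uuid) for every Abandoned session with a known source."""
    last_ip = {}  # channel name -> source IP of its most recent INVITE
    for line in lines:
        m = INVITE_RE.search(line)
        if m:
            last_ip[m["chan"]] = m["ip"]
            continue
        m = ABANDONED_RE.search(line)
        if m:
            # Assumption: a channel name is not shared by concurrent calls.
            ip = last_ip.pop(m["chan"], None)
            if ip is not None:
                yield line[:26], ip, m["uuid"]

def fail2ban_lines(lines):
    """Render matches in the 'Abandoned for IP' form proposed in the thread."""
    return [f"{ts} [WARNING] {uuid} Abandoned for IP {ip}"
            for ts, ip, uuid in abandoned_sources(lines)]

def repeat_offenders(lines, threshold=2):
    """IPs with at least `threshold` abandoned INVITEs, sorted."""
    counts = Counter(ip for _, ip, _ in abandoned_sources(lines))
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print("\n".join(fail2ban_lines(SAMPLE_LOG.splitlines())))
    print(repeat_offenders(SAMPLE_LOG.splitlines()))
```

<div>The rendered lines can be written to a separate file for fail2ban to watch; the correlation only works while DEBUG logging of the <code>sofia.c</code> invite line is enabled.</div>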