<div dir="ltr">Ítalo I am not rewrite patch set use network_addr in caller profile and path not merget to master.<br><div><br></div><div>Sergey</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 12, 2015 at 7:51 PM, Ítalo Rossi <span dir="ltr"><<a href="mailto:italorossib@gmail.com" target="_blank">italorossib@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Version?</p>
<p dir="ltr">I'm almost sure this is already implemented in master. </p>
<div class="gmail_quote">Em 12/03/2015 13:43, "Kyle King" <<a href="mailto:kyle.king@quentustech.com" target="_blank">kyle.king@quentustech.com</a>> escreveu:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div bgcolor="#FFFFFF" text="#000000">Have you tried mod_fail2ban? <br><br><div class="gmail_quote">On March 12, 2015 12:28:16 PM EDT, Peter Steinbach <<a href="mailto:lists@telefaks.de" target="_blank">lists@telefaks.de</a>> wrote:<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Hello,<br>
<br>
we receive a number of Invites from certain IPs, who want to break
into our system and call external premium rate numbers<br>
Unwanted registers we can block already, but we still have the issue
to block specific invites from fraudulent IPs inside the iptables
firewall.<br>
<br>
In the Freeswitch log we see:<br>
2015-03-12 16:54:38.381552 [NOTICE] switch_channel.c:1055 New
Channel <a href="mailto:sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a>
[167bb9ee-c8d0-11e4-9f31-b39e581405c5]<br>
2015-03-12 16:54:38.381552 [DEBUG] switch_core_session.c:1061 Send
signal <a href="mailto:sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> [BREAK]<br>
2015-03-12 16:54:38.381552 [DEBUG] switch_core_session.c:1061 Send
signal <a href="mailto:sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> [BREAK]<br>
2015-03-12 16:54:38.381552 [DEBUG] switch_core_state_machine.c:472
(<a href="mailto:sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a>) Running State Change CS_NEW<br>
2015-03-12 16:54:38.381552 [DEBUG] sofia.c:8841
<a href="mailto:sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> receiving invite from
<a href="http://155.94.64.26:5076" target="_blank">155.94.64.26:5076</a> version: 1.5.15b git 82f267a 2015-02-16 22:59:55Z
64bit<br>
2015-03-12 16:54:38.381552 [DEBUG] sofia.c:9008 IP <big>15.194.164.26</big>
Rejected by acl "domains". Falling back to Digest auth.<br>
2015-03-12 16:54:38.441582 [DEBUG] switch_core_state_machine.c:491
(<a href="mailto:sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a>) State NEW<br>
2015-03-12 16:54:38.441582 [DEBUG] switch_core_session.c:1061 Send
signal <a href="mailto:sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> [BREAK]<br>
2015-03-12 16:54:38.441582 [DEBUG] sofia.c:2067 detaching session
167bb9ee-c8d0-11e4-9f31-b39e581405c5<br>
2015-03-12 16:54:48.461568 [WARNING] switch_core_state_machine.c:572
167bb9ee-c8d0-11e4-9f31-b39e581405c5 <a href="mailto:sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a>
Abandoned <br>
<br>
The fraudulent IP here is 15.194.164.26 (anonymized of course). The
IP 10.11.12.13 is the (anonymized) IP of our server.<br>
<br>
The point here is: 15.194.164.26 is sending an INVITE, Freeswitch
then sends "authentication required". Freeswitch then logs this
entry with "Abandoned" (see last line above) and that's it. <br>
<br>
So Is there any way to make Freeswitch show up a log line with the
fraudulent IP 15.194.164.26 and some text like "abandonned"?<br>
Example for extending a current log line<br>
2015-03-12 16:54:48.461568 [WARNING]
switch_core_state_machine.c:572 167bb9ee-c8d0-11e4-9f31-b39e581405c5
<a href="mailto:sofia/internal/149@10.11.12.13" target="_blank">sofia/internal/149@10.11.12.13</a> Abandoned <big>for IP 15.194.164.26</big>
<br>
This would enable us to process this entry with fail2ban and block
this IP in the Firewall.<br>
<br>
Any other hint is welcome.<br>
<pre cols="72">--
With kind regards
Marvin Keil
Telefaks Services GmbH
<a href="mailto:lists" target="_blank">mailto:lists</a> (att) <a href="http://telefaks.de" target="_blank">telefaks.de</a>
Internet: <a href="http://www.telefaks.de" target="_blank">www.telefaks.de</a>
</pre>
<p style="margin-top:2.5em;margin-bottom:1em;border-bottom:1px solid #000"></p><pre><hr><br>Professional FreeSWITCH Consulting Services: <br><a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br><a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br><a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></pre></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</div><br></div></div>_________________________________________________________________________<span class=""><br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></span></blockquote></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>