<div dir="ltr">Sure that will work but I wanted to make this event based for my own education.<div><br></div><div>Thanks for quick reply<br><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 11, 2015 at 11:33 AM, Ken Rice <span dir="ltr">&lt;<a href="mailto:krice@freeswitch.org" target="_blank">krice@freeswitch.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Why not just block it with iptables?<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string &quot;VaxSIPUserAgent&quot; --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string &quot;friendly-scanner&quot; --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string &quot;sipcli&quot; --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string &quot;VaxSIPUserAgent&quot; --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string &quot;friendly-scanner&quot; --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string &quot;sipcli&quot; --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">these will get 99% of it because the script kiddies doing the scanning aren’t really that bright… there may be some additional strings to want to block, but these work great when combined with fail2bans log parser<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a> [mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>] <b>On Behalf Of </b>Russell Treleaven<br><b>Sent:</b> Wednesday, November 11, 2015 10:29 AM<br><b>To:</b> FreeSWITCH Users Help &lt;<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>&gt;<br><b>Subject:</b> [Freeswitch-users] event based sipVicious blocker<u></u><u></u></span></p><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal">I am working on a freeswitch sipVicious blocker.<u></u><u></u></p></div><div><p class="MsoNormal">I would like to run it from within freeswitch.<u></u><u></u></p></div><div><p class="MsoNormal">Is there a way to get events while running within freeswitch without running a socket via ESL::ESLconnection?<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">#!/usr/bin/perl<u></u><u></u></p></div><div><p class="MsoNormal">use strict;<u></u><u></u></p></div><div><p class="MsoNormal">use warnings;<u></u><u></u></p></div><div><p class="MsoNormal">use ESL;<u></u><u></u></p></div><div><p class="MsoNormal">my $c = new ESL::ESLconnection(<u></u><u></u></p></div><div><p class="MsoNormal">            &quot;localhost&quot;,<u></u><u></u></p></div><div><p class="MsoNormal">            &quot;8021&quot;,<u></u><u></u></p></div><div><p class="MsoNormal">            &quot;ClueCon&quot;<u></u><u></u></p></div><div><p class="MsoNormal">);<u></u><u></u></p></div><div><p class="MsoNormal">$c-&gt;events(<u></u><u></u></p></div><div><p class="MsoNormal">            &quot;plain&quot;,<u></u><u></u></p></div><div><p class="MsoNormal">            &quot;CHANNEL_CREATE CUSTOM sofia::pre_register&quot;<u></u><u></u></p></div><div><p class="MsoNormal">);<u></u><u></u></p></div><div><p class="MsoNormal">while ($c-&gt;connected()) {<u></u><u></u></p></div><div><p class="MsoNormal">            my $event = $c-&gt;recvEvent();<u></u><u></u></p></div><div><p class="MsoNormal">#do some stuff <u></u><u></u></p></div><div><p class="MsoNormal">}<u></u><u></u></p></div></div></div></div></div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>