<div dir="ltr">I think a solution where the INVITE messages DROP/REJECT action will be implemented in mod_fail2ban will have high performance.<div><br></div><div>Iptables is a good solution, but it cannot help for TLS connections.</div><div><br></div><div>Here is my iptables status where fail2ban is configured. At present, 99% of scans are made via UDP transport and 1% via TCP.</div><div><br></div><div><br></div><div>Sergey.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 13, 2015 at 9:38 AM, jay binks <span dir="ltr"><<a href="mailto:jaybinks@gmail.com" target="_blank">jaybinks@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Doing it like you want is fine for education, however it's not the best way, because it won't scale efficiently.<div>mod_sofia takes significant resources to consume a SIP Invite and generate events.<br></div><div><br></div><div>iptables will stop Freeswitch having to process these INVITES, thus saving CPU.</div><div>BUT you may not really care, if this is just for a home PBX.</div><div><br></div><div>Jay</div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On 13 November 2015 at 14:18, Russell Treleaven <span dir="ltr"><<a href="mailto:rtreleaven@bunnykick.ca" target="_blank">rtreleaven@bunnykick.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">figured out how to use events without a socket and thought I would share.<div><br></div><div><div>my $con = new freeswitch::EventConsumer("CHANNEL_CREATE");</div><div>$con->bind(</div><div><span style="white-space:pre-wrap">        </span>"CUSTOM",</div><div><span style="white-space:pre-wrap">        </span>"sofia::pre_register"</div><div>);</div><div>while(my $e = $con->pop(1)) {</div><div><span style="white-space:pre-wrap">  
      </span>freeswitch::consoleLog(</div><div><span style="white-space:pre-wrap">                </span>"INFO",</div><div><span style="white-space:pre-wrap">                </span>$e->serialize . "\n"</div><div><span style="white-space:pre-wrap">        </span>);</div><div>}</div></div></div><div class="gmail_extra"><br><div class="gmail_quote"><span>On Wed, Nov 11, 2015 at 11:33 AM, Ken Rice <span dir="ltr"><<a href="mailto:krice@freeswitch.org" target="_blank">krice@freeswitch.org</a>></span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Why not just block it with iptables?<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "sipcli" --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "VaxSIPUserAgent" --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span 
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "sipcli" --algo bm<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">these will get 99% of it because the script kiddies doing the scanning aren’t really that bright… there may be some additional strings you want to block, but these work great when combined with fail2ban's log parser<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a> [mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>] <b>On Behalf Of </b>Russell Treleaven<br><b>Sent:</b> Wednesday, November 11, 2015 10:29 AM<br><b>To:</b> FreeSWITCH Users Help <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br><b>Subject:</b> [Freeswitch-users] event based sipVicious blocker<u></u><u></u></span></p><div><div><p class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal">I am working on a freeswitch 
sipVicious blocker.<u></u><u></u></p></div><div><p class="MsoNormal">I would like to run it from within freeswitch.<u></u><u></u></p></div><div><p class="MsoNormal">Is there a way to get events while running within freeswitch without running a socket via ESL::ESLconnection?<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">#!/usr/bin/perl<u></u><u></u></p></div><div><p class="MsoNormal">use strict;<u></u><u></u></p></div><div><p class="MsoNormal">use warnings;<u></u><u></u></p></div><div><p class="MsoNormal">use ESL;<u></u><u></u></p></div><div><p class="MsoNormal">my $c = new ESL::ESLconnection(<u></u><u></u></p></div><div><p class="MsoNormal"> "localhost",<u></u><u></u></p></div><div><p class="MsoNormal"> "8021",<u></u><u></u></p></div><div><p class="MsoNormal"> "ClueCon"<u></u><u></u></p></div><div><p class="MsoNormal">);<u></u><u></u></p></div><div><p class="MsoNormal">$c->events(<u></u><u></u></p></div><div><p class="MsoNormal"> "plain",<u></u><u></u></p></div><div><p class="MsoNormal"> "CHANNEL_CREATE CUSTOM sofia::pre_register"<u></u><u></u></p></div><div><p class="MsoNormal">);<u></u><u></u></p></div><div><p class="MsoNormal">while ($c->connected()) {<u></u><u></u></p></div><div><p class="MsoNormal"> my $event = $c->recvEvent();<u></u><u></u></p></div><div><p class="MsoNormal">#do some stuff <u></u><u></u></p></div><div><p class="MsoNormal">}<u></u><u></u></p></div></div></div></div></div></div><br></div></div><span>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></span></blockquote></div><br></div>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br><div>Sincerely<br><br>Jay</div>
</font></span></div>
</blockquote></div><br></div>
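<div>An added example, not code from any poster in this thread: a header-aware check for the scanner User-Agent strings named in the iptables rules above, shown next to a raw payload substring test of the kind <code>-m string</code> performs on a packet. Because it works on the decoded message, the same check applies to SIP over TLS, where the packet filter only sees ciphertext. All function names and sample messages are constructed for illustration.</div>

```python
# Added example: User-Agent strings come from the iptables rules in the thread;
# all function names and sample messages are constructed for illustration.
SCANNER_AGENTS = ("VaxSIPUserAgent", "friendly-scanner", "sipcli")


def parse_headers(message):
    """Return SIP headers (names lower-cased) from the part before the body."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers, last = {}, None
    for line in head.split("\n")[1:]:            # skip the request line
        if line[:1] in (" ", "\t") and last:     # folded continuation line
            headers[last] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()
            headers[last] = value.strip()
    return headers


def raw_payload_match(message):
    """Case-sensitive substring test over the whole packet, like -m string."""
    return any(agent in message for agent in SCANNER_AGENTS)


def user_agent_match(message):
    """Match only inside the User-Agent header value, ignoring case."""
    value = parse_headers(message).get("user-agent", "").lower()
    return any(agent.lower() in value for agent in SCANNER_AGENTS)


def _msg(*lines, body=""):
    return "\r\n".join(lines) + "\r\n\r\n" + body


SAMPLES = {  # constructed messages, documentation addresses only
    "scanner-invite": _msg(
        "INVITE sip:100@192.0.2.10 SIP/2.0",
        "Call-ID: constructed-1",
        "User-Agent: friendly-scanner"),
    "lowercase-header": _msg(
        "REGISTER sip:192.0.2.10 SIP/2.0",
        "call-id: constructed-2",
        "user-agent: sipcli/v1.8"),
    "chat-message": _msg(
        "MESSAGE sip:200@192.0.2.10 SIP/2.0",
        "Call-ID: constructed-3",
        "User-Agent: ExamplePhone/1.0",
        "Content-Type: text/plain",
        body="did you test the trunk with sipcli yet?"),
    "softphone-register": _msg(
        "REGISTER sip:192.0.2.10 SIP/2.0",
        "Call-ID: constructed-4",
        "User-Agent: ExamplePhone/1.0"),
}


def classify(samples):
    """Return (name, raw_payload_hit, user_agent_hit) for each sample."""
    return [(n, raw_payload_match(m), user_agent_match(m)) for n, m in samples.items()]


if __name__ == "__main__":
    for row in classify(SAMPLES):
        print("%-20s raw=%-5s header=%s" % row)
```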