<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Georgia;
        panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:"Segoe UI";
        panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
        {font-family:Menlo;
        panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
code
        {mso-style-priority:99;
        font-family:"Courier New";}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:"Georgia",serif;
        color:#00B050;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:"Georgia",serif;color:#00B050;mso-fareast-language:EN-US">APIBAN is also good for this (<a href="https://www.apiban.org/doc.html">https://www.apiban.org/doc.html</a>). It basically sends you a list of known bad
 IP addresses and modifies your firewall to block them, it’s really easy to install and get running. I found out about it at a ClueCon talk (this one:
<a href="https://youtu.be/JvUGU3YtgzE?t=3132">https://youtu.be/JvUGU3YtgzE?t=3132</a>). The rest of Fred’s talk is also interesting and touches on security.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Georgia",serif;color:#00B050;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Georgia",serif;color:#00B050;mso-fareast-language:EN-US">Martin.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Georgia",serif;color:#00B050;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:0 0 14px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><img src="cid:image148797.png@39AB370A.6FF0C127" width="138" height="28" border="0" alt="" style="width:138px;min-width:138px;max-width:138px;height:28px;min-height:28px;max-height:28px;font-size:0;" /></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="white-space:nowrap;color:#B3B3B3;font-size:14.67px;font-family:'\'Source Sans Pro\'',Calibri,Arial;font-weight:400;font-style:normal;text-align:left;line-height:17.33px;"><tr style="font-size:15px;"><td style="font-family:'\'Source Sans Pro\'',Calibri,Arial;">Development Team<span style="font-family:remialcxesans;font-size:1px;color:#FFFFFF;line-height:1px;">​</span></td></tr></table></td></tr></table></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="left" style="padding:0 0 7px;vertical-align:top;"><a href="https://technologywithin.com/" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image487155.png@A082701A.DE1E859D" width="190" border="0" alt="" style="width:190px;min-width:190px;max-width:190px;font-size:0;" /></a></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#9E9E9E;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:14.67px;"><td align="left" style="padding:0;vertical-align:top;font-family:'\'Source Sans Pro\'',Calibri,Arial;">Phone: </td><td align="left" style="padding:0;vertical-align:top;color:#FF6353;font-family:'\'Source Sans Pro\'',Calibri,Arial;"><a href="tel:0207%20953%208840" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#FF6353;"><strong style="font-weight:400;">0207 953 8840</strong></a></td></tr><tr style="font-size:14.67px;"><td align="left" style="padding:0;vertical-align:top;font-family:'\'Source Sans Pro\'',Calibri,Arial;">Email: </td><td align="left" style="padding:0;vertical-align:top;color:#FF6353;font-family:'\'Source Sans Pro\'',Calibri,Arial;"><a href="mailto:martin.paterson@technologywithin.com" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#FF6353;"><strong style="font-weight:400;">martin.paterson@technologywithin.com</strong></a></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#919191;font-style:normal;font-weight:400;white-space:nowrap;"><tr style="font-size:16px;"><td align="left" style="vertical-align:top;font-family:Calibri;">Chevron Business Park, Limekiln Lane</td><td align="left" style="vertical-align:top;font-family:Calibri;">, </td><td align="left" style="vertical-align:top;font-family:Calibri;">Southampton</td><td align="left" style="vertical-align:top;font-family:Calibri;">, </td><td align="left" style="vertical-align:top;font-family:Calibri;">Hampshire</td><td align="left" style="vertical-align:top;font-family:Calibri;">, </td><td align="left" style="vertical-align:top;font-family:Calibri;">SO45 2QL</td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:4px 3px 6px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="left" style="padding:3px;vertical-align:top;"><a href="https://en-gb.facebook.com/we.are.technologywithin" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image901869.png@14FEBBC9.70C19CF8" border="0" alt="" style="font-size:0;" /></a></td><td align="left" style="padding:3px;vertical-align:top;"><a href="https://www.linkedin.com/company/technologywithin" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image348145.png@BE5A7F2D.66912053" border="0" alt="" style="font-size:0;" /></a></td><td align="left" style="padding:5px 3px 3px;vertical-align:top;"><a href="https://twitter.com/@techwithin" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image949138.png@512ECE96.8399A829" border="0" alt="" style="font-size:0;" /></a></td><td align="left" style="padding:5px 3px 3px;vertical-align:top;"><a href="https://www.instagram.com/technologywithin/" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image605295.png@1FF882CE.0A07B6DB" border="0" alt="" style="font-size:0;" /></a></td></tr></table></td></tr></table></td></tr><tr style="font-size:0;line-height:normal;"><td align="left" style="vertical-align:top;"><a href="https://technologywithin.com/why-us/" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image159651.png@46EBCF4F.3E4008A9" border="0" alt="" style="font-size:0;" /></a></td></tr><tr style="color:#7D7D7D;font-size:14.67px;font-style:normal;font-weight:400;white-space:nowrap;"><td align="left" style="vertical-align:top;font-family:'\'Source Sans Pro\'',Calibri,Arial;"><span style="font-size:13.33px;">Registered Office: CP House, Otterspool Way, Watford, WD25 8JJ, U.K <br />​Registered in England No: 5964349 | VAT Number: GB 902 5369 37</span> <br /></td></tr></table></div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org>
<b>On Behalf Of </b>Raúl Alexis Betancor Santana<br>
<b>Sent:</b> 17 March 2021 06:59<br>
<b>To:</b> FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org><br>
<b>Subject:</b> Re: [Freeswitch-users] Will fail2ban work for this?<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Switching SIP port, is not the solution, sooner than later, they will find you.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The best approach is to use a combination of solutions, like a blacklist of know hackers IPs as
<a href="http://voipbl.org">voipbl.org</a>, correctly setup fail2ban, put your FS behind a Kamailio with the pike module and other security measures, etc.<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Wed, Mar 17, 2021 at 2:19 AM Steven Schoch <<a href="mailto:schoch%2Bfreeswitch.org@xwin32.com">schoch+freeswitch.org@xwin32.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p class="MsoNormal">I like your 2nd option. I always assumed 5080 was safe because it isn't the SIP port. It is listed as the "OnScreen Data Collection Service" in the official port number database (<a href="https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=89" target="_blank">https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=89</a>),
 but I guess the hackers know the SIP people like to use it. I'll try switching to another port.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">-- <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Steve<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Tue, Mar 16, 2021 at 6:30 PM David Villasmil <<a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p class="MsoNormal">It works, sure. But needs to be configured.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><a href="https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban" target="_blank">https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban</a> should help you, especially the configuration part.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">For fail2ban to work, it needs to see a line in the logfile with the originating IP address, for that to work on failed call attempts you need to add a specific failure log. Something like adding a catch-all extension at the very end of
 the dialplan and log the originating IP. Then grab that with fail2ban.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">something like:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="line-height:15.0pt;background:black;vertical-align:baseline">
<code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm"><</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:aqua;border:none windowtext 1.0pt;padding:0cm">extension</span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"> </span><code><span style="font-size:10.0pt;font-family:Consolas;color:#EBDB8D;border:none windowtext 1.0pt;padding:0cm">name</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">=</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#FF9E7B;border:none windowtext 1.0pt;padding:0cm">"catch-all"</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">></span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="line-height:15.0pt;background:black;vertical-align:baseline">
<code><span style="font-size:10.0pt;font-family:Consolas;color:#333333;border:none windowtext 1.0pt;padding:0cm">  </span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm"><</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:aqua;border:none windowtext 1.0pt;padding:0cm">condition</span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"> </span><code><span style="font-size:10.0pt;font-family:Consolas;color:#EBDB8D;border:none windowtext 1.0pt;padding:0cm">field</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">=</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#FF9E7B;border:none windowtext 1.0pt;padding:0cm">"destination_number"</span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"> </span><code><span style="font-size:10.0pt;font-family:Consolas;color:#EBDB8D;border:none windowtext 1.0pt;padding:0cm">expression</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">=</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#FF9E7B;border:none windowtext 1.0pt;padding:0cm">"^.*$"</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">></span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="line-height:15.0pt;background:black;vertical-align:baseline">
<code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm"><</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:aqua;border:none windowtext 1.0pt;padding:0cm">condition</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#333333;border:none windowtext 1.0pt;padding:0cm"> </span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#EBDB8D;border:none windowtext 1.0pt;padding:0cm">field</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">=</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#FF9E7B;border:none windowtext 1.0pt;padding:0cm">"${sip_authorized}"</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#333333;border:none windowtext 1.0pt;padding:0cm"> </span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#EBDB8D;border:none windowtext 1.0pt;padding:0cm">expression</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">=</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#FF9E7B;border:none windowtext 1.0pt;padding:0cm">"^false$"</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">></span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="line-height:15.0pt;background:black;vertical-align:baseline">
<code><span style="font-size:10.0pt;font-family:Consolas;color:#333333;border:none windowtext 1.0pt;padding:0cm">    
</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm"><</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:aqua;border:none windowtext 1.0pt;padding:0cm">action</span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"> </span><code><span style="font-size:10.0pt;font-family:Consolas;color:#EBDB8D;border:none windowtext 1.0pt;padding:0cm">application</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">=</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#FF9E7B;border:none windowtext 1.0pt;padding:0cm">"log"</span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"> </span><code><span style="font-size:10.0pt;font-family:Consolas;color:#EBDB8D;border:none windowtext 1.0pt;padding:0cm">data</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">=</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#FF9E7B;border:none windowtext 1.0pt;padding:0cm">"CRIT
 caught ${variable_sip_received_ip} trying to call."</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">/></span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="line-height:15.0pt;background:black;vertical-align:baseline">
<code><span style="font-size:10.0pt;font-family:Consolas;color:#333333;border:none windowtext 1.0pt;padding:0cm">    
</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm"><</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:aqua;border:none windowtext 1.0pt;padding:0cm">action</span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"> </span><code><span style="font-size:10.0pt;font-family:Consolas;color:#EBDB8D;border:none windowtext 1.0pt;padding:0cm">application</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">=</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#FF9E7B;border:none windowtext 1.0pt;padding:0cm">"hangup"</span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"> </span><code><span style="font-size:10.0pt;font-family:Consolas;color:#EBDB8D;border:none windowtext 1.0pt;padding:0cm">data</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">=</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:#FF9E7B;border:none windowtext 1.0pt;padding:0cm">""</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">/></span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="line-height:15.0pt;background:black;vertical-align:baseline">
<code><span style="font-size:12.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm"></</span></code><code><span style="font-size:12.0pt;font-family:Consolas;color:aqua;border:none windowtext 1.0pt;padding:0cm">condition</span></code><code><span style="font-size:12.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">></span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="line-height:15.0pt;background:black;vertical-align:baseline">
<code><span style="font-size:10.0pt;font-family:Consolas;color:#333333;border:none windowtext 1.0pt;padding:0cm">  </span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm"></</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:aqua;border:none windowtext 1.0pt;padding:0cm">condition</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">></span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="line-height:15.0pt;background:black;vertical-align:baseline">
<code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm"></</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:aqua;border:none windowtext 1.0pt;padding:0cm">extension</span></code><code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">> </span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"><o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Then a regexp on <b><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#333333">filter.d/freeswitch.local</span></b><br clear="all">
<o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="line-height:15.0pt;background:black;vertical-align:baseline">
<code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">[Definition]</span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="line-height:15.0pt;background:black;vertical-align:baseline">
<code><span style="font-size:10.0pt;font-family:Consolas;color:lightgrey;border:none windowtext 1.0pt;padding:0cm">failregex = ^.* caught <HOST> trying to call$</span></code><span style="font-size:10.5pt;font-family:Consolas;color:#333333"><o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">NOTE: I didn't test any of this, you'll need to test yourself, but it should be a starting point.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Another option, which i like on top of the already mentioned, is to _not_ use a default port 5080, use something like 9909 (security by obscurity)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Regards,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">David Villasmil<o:p></o:p></p>
<div>
<p class="MsoNormal">email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">
david.villasmil.work@gmail.com</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">phone: +34669448337<o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Tue, Mar 16, 2021 at 11:40 PM Steven Schoch <<a href="mailto:schoch%2Bfreeswitch.org@xwin32.com" target="_blank">schoch+freeswitch.org@xwin32.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p class="MsoNormal">I just set up a new FreeSWITCH system on my home network, and set a forward for port 5080 to connect to Flowroute. While I'm debugging some call routing stuff, my logs are getting overrun with stuff like this: <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#33BBC8">2021-03-16 15:52:02.267501 [NOTICE] switch_channel.c:1118 New Channel sofia/external/7750@</span><span style="font-size:10.5pt;font-family:"Menlo",serif;color:#3D85C6;background:white"><my
 IP></span><span style="font-size:10.5pt;font-family:"Menlo",serif;color:#33BBC8"> [2de89b87-cd07-4c0f-b9fb-3da8e5a68d37]</span><span style="font-size:10.5pt;font-family:"Menlo",serif"><o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:585 (sofia/external/7750@<my IP>) Running State Change CS_NEW (Cur 1 Tot 7822)<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] sofia.c:10280 sofia/external/7750@<my IP> receiving invite from
<a href="http://80.94.93.12:62635" target="_blank">80.94.93.12:62635</a> version: 1.10.5 -release-17-25569c1631 64bit<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] sofia.c:7326 Channel sofia/external/7750@<my IP> entering state [received][100]<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] sofia.c:7336 Remote SDP:<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">v=0<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">o=- 81921704 81921704 IN IP4 0.0.0.0<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">s=pplsip<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">c=IN IP4 0.0.0.0<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">t=0 0<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">m=audio 7628 RTP/AVP 100 6 0 8 3 18 5 101<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">a=rtpmap:100 speex/16000<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">a=rtpmap:101 telephone-event/8000<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">a=fmtp:101 0-11<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">a=alt:1 1 : DF50DC48 0000001F 0.0.0.0 7628<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;min-height:16px">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:black"><o:p> </o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] sofia.c:7739 (sofia/external/7750@<my IP>) State Change CS_NEW -> CS_INIT<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:604 (sofia/external/7750@<my IP>) State NEW<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:585 (sofia/external/7750@<my IP>) Running State Change CS_INIT (Cur 1 Tot 7822)<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:628 (sofia/external/7750@<my IP>) State INIT<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] mod_sofia.c:93 sofia/external/7750@<my IP> SOFIA INIT<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:40 sofia/external/7750@<my IP> Standard INIT<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:48 (sofia/external/7750@<my IP>) State Change CS_INIT -> CS_ROUTING<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:628 (sofia/external/7750@<my IP>) State INIT going to sleep<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:585 (sofia/external/7750@<my IP>) Running State Change CS_ROUTING (Cur 1 Tot 7822)<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_channel.c:2332 (sofia/external/7750@<my IP>) Callstate Change DOWN -> RINGING<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:644 (sofia/external/7750@<my IP>) State ROUTING<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] mod_sofia.c:154 sofia/external/7750@<my IP> SOFIA ROUTING<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#AFAD24">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:236 sofia/external/7750@<my IP> Standard ROUTING<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#34BC26">2021-03-16 15:52:02.267501 [INFO] mod_dialplan_xml.c:637 Processing 7750 <7750>->900442037697855 in context public<o:p></o:p></span></p>
<p style="margin:0cm;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal">
<span style="font-size:10.5pt;font-family:"Menlo",serif;color:#34BC26"><o:p> </o:p></span></p>
<p class="MsoNormal">I thought fail2ban was designed for stuff like this, but I don't see any auth attempts here (I set "log-auth-failures" to "true"). These are coming in a bit faster than 1 per second. It appears they are dialing random extensions. How can
 I make them stop?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">-- <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Steve<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal">_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" target="_blank">
https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" target="_blank">
https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" target="_blank">https://freeswitch.com</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal">_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" target="_blank">
https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" target="_blank">
https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" target="_blank">https://freeswitch.com</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal">_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" target="_blank">
https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" target="_blank">
https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" target="_blank">https://freeswitch.com</a><o:p></o:p></p>
</blockquote>
</div>
</div>
</body>
</html>