<div dir="ltr">Switching SIP port, is not the solution, sooner than later, they will find you.<div><br></div><div>The best approach is to use a combination of solutions, like a blacklist of know hackers IPs as <a href="http://voipbl.org">voipbl.org</a>, correctly setup fail2ban, put your FS behind a Kamailio with the pike module and other security measures, etc.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Mar 17, 2021 at 2:19 AM Steven Schoch <<a href="mailto:schoch%2Bfreeswitch.org@xwin32.com">schoch+freeswitch.org@xwin32.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I like your 2nd option. I always assumed 5080 was safe because it isn't the SIP port. It is listed as the "OnScreen Data Collection Service" in the official port number database (<a href="https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=89" target="_blank">https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=89</a>), but I guess the hackers know the SIP people like to use it. I'll try switching to another port.<div><br></div><div>-- </div><div>Steve</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 16, 2021 at 6:30 PM David Villasmil <<a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">It works, sure. But needs to be configured.<div><br><div><a href="https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban" target="_blank">https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban</a> should help you, especially the configuration part.</div><div><br></div><div>For fail2ban to work, it needs to see a line in the logfile with the originating IP address, for that to work on failed call attempts you need to add a specific failure log. Something like adding a catch-all extension at the very end of the dialplan and log the originating IP. Then grab that with fail2ban.</div><div><br></div><div>something like:</div><div><br></div><div><div style="margin:0px;padding:0px 1em 0px 0em;border-radius:0px;background:none black;border:0px;float:none;height:auto;line-height:20px;outline:0px;overflow:visible;vertical-align:baseline;width:auto;box-sizing:content-box;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;min-height:inherit;white-space:nowrap;color:rgb(51,51,51)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)"><</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:aqua">extension</code> <code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(235,219,141)">name</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">=</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(255,158,123)">"catch-all"</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">></code></div><div style="margin:0px;padding:0px 1em 0px 0em;border-radius:0px;background:none black;border:0px;float:none;height:auto;line-height:20px;outline:0px;overflow:visible;vertical-align:baseline;width:auto;box-sizing:content-box;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;min-height:inherit;white-space:nowrap;color:rgb(51,51,51)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit"> </code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)"><</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:aqua">condition</code> <code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(235,219,141)">field</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">=</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(255,158,123)">"destination_number"</code> <code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(235,219,141)">expression</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">=</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(255,158,123)">"^.*$"</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">></code></div><div style="margin:0px;padding:0px 1em 0px 0em;border-radius:0px;background:none black;border:0px;float:none;height:auto;line-height:20px;outline:0px;overflow:visible;vertical-align:baseline;width:auto;box-sizing:content-box;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;min-height:inherit;white-space:nowrap;color:rgb(51,51,51)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit"> <</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:aqua">condition</code><span style="color:rgb(51,51,51);white-space:nowrap"> </span><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(235,219,141)">field</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit">=</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(255,158,123)">"${sip_authorized}"</code><span style="color:rgb(51,51,51);white-space:nowrap"> </span><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(235,219,141)">expression</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit">=</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(255,158,123)">"^false$"</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit">></code><br></code></div><div style="margin:0px;padding:0px 1em 0px 0em;border-radius:0px;background:none black;border:0px;float:none;height:auto;line-height:20px;outline:0px;overflow:visible;vertical-align:baseline;width:auto;box-sizing:content-box;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;min-height:inherit;white-space:nowrap;color:rgb(51,51,51)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit"> </code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)"><</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:aqua">action</code> <code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(235,219,141)">application</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">=</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(255,158,123)">"log"</code> <code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(235,219,141)">data</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">=</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(255,158,123)">"CRIT caught ${variable_sip_received_ip} trying to call."</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">/></code></div><div style="margin:0px;padding:0px 1em 0px 0em;border-radius:0px;background:none black;border:0px;float:none;height:auto;line-height:20px;outline:0px;overflow:visible;vertical-align:baseline;width:auto;box-sizing:content-box;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;min-height:inherit;white-space:nowrap;color:rgb(51,51,51)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit"> </code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)"><</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:aqua">action</code> <code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(235,219,141)">application</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">=</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(255,158,123)">"hangup"</code> <code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(235,219,141)">data</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">=</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(255,158,123)">""</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">/></code></div><div style="margin:0px;padding:0px 1em 0px 0em;border-radius:0px;background:none black;border:0px;float:none;height:auto;line-height:20px;outline:0px;overflow:visible;vertical-align:baseline;width:auto;box-sizing:content-box;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;min-height:inherit;white-space:nowrap;color:rgb(51,51,51)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)"> </code><code style="background:none;font-size:small;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)"></</code><code style="background:none;font-size:small;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:aqua">condition</code><code style="background:none;font-size:small;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">></code></div><div style="margin:0px;padding:0px 1em 0px 0em;border-radius:0px;background:none black;border:0px;float:none;height:auto;line-height:20px;outline:0px;overflow:visible;vertical-align:baseline;width:auto;box-sizing:content-box;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;min-height:inherit;white-space:nowrap;color:rgb(51,51,51)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit"> </code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)"></</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:aqua">condition</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">></code><br></div><div style="margin:0px;padding:0px 1em 0px 0em;border-radius:0px;background:none black;border:0px;float:none;height:auto;line-height:20px;outline:0px;overflow:visible;vertical-align:baseline;width:auto;box-sizing:content-box;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;min-height:inherit;white-space:nowrap;color:rgb(51,51,51)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)"></</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:aqua">extension</code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">> </code></div></div><div><br></div><div>Then a regexp on <b style="color:rgb(51,51,51);font-family:-apple-system,system-ui,"Segoe UI",Roboto,Oxygen,Ubuntu,"Fira Sans","Droid Sans","Helvetica Neue",sans-serif;font-size:14px">filter.d/freeswitch.local</b><br clear="all"><div><div dir="ltr"><div dir="ltr"><div><br></div><div><div style="margin:0px;padding:0px 1em 0px 0em;border-radius:0px;background:none black;border:0px;float:none;height:auto;line-height:20px;outline:0px;overflow:visible;vertical-align:baseline;width:auto;box-sizing:content-box;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;min-height:inherit;white-space:nowrap;color:rgb(51,51,51)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">[Definition]</code></div><div style="margin:0px;padding:0px 1em 0px 0em;border-radius:0px;background:none black;border:0px;float:none;height:auto;line-height:20px;outline:0px;overflow:visible;vertical-align:baseline;width:auto;box-sizing:content-box;font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;min-height:inherit;white-space:nowrap;color:rgb(51,51,51)"><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)">failregex = ^.* caught </code><code style="font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;white-space:pre-wrap;border-radius:0px;background:none;border:0px;float:none;height:auto;line-height:20px;margin:0px;outline:0px;overflow:visible;padding:0px;vertical-align:baseline;width:auto;box-sizing:content-box;min-height:inherit;color:rgb(211,211,211)"><HOST> trying to call$</code></div></div><div><br></div><div>NOTE: I didn't test any of this, you'll need to test yourself, but it should be a starting point.</div><div><br></div><div><br></div><div>Another option, which i like on top of the already mentioned, is to _not_ use a default port 5080, use something like 9909 (security by obscurity)</div><div><br></div><div><br></div><div><br></div><div>Regards,</div><div><br></div>David Villasmil<div>email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: +34669448337</div></div></div></div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 16, 2021 at 11:40 PM Steven Schoch <<a href="mailto:schoch%2Bfreeswitch.org@xwin32.com" target="_blank">schoch+freeswitch.org@xwin32.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I just set up a new FreeSWITCH system on my home network, and set a forward for port 5080 to connect to Flowroute. While I'm debugging some call routing stuff, my logs are getting overrun with stuff like this: <div><br></div><div>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo"><span style="font-variant-ligatures:no-common-ligatures"><font color="#33bbc8">2021-03-16 15:52:02.267501 [NOTICE] switch_channel.c:1118 New Channel sofia/external/7750@</font><span style="background-color:rgb(255,255,255)"><font color="#3d85c6"><my IP></font></span><font color="#33bbc8"> [2de89b87-cd07-4c0f-b9fb-3da8e5a68d37]</font></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:585 (sofia/external/7750@<my IP>) Running State Change CS_NEW (Cur 1 Tot 7822)</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] sofia.c:10280 sofia/external/7750@<my IP> receiving invite from <a href="http://80.94.93.12:62635" target="_blank">80.94.93.12:62635</a> version: 1.10.5 -release-17-25569c1631 64bit</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] sofia.c:7326 Channel sofia/external/7750@<my IP> entering state [received][100]</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] sofia.c:7336 Remote SDP:</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">v=0</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">o=- 81921704 81921704 IN IP4 0.0.0.0</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">s=pplsip</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">c=IN IP4 0.0.0.0</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">t=0 0</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">m=audio 7628 RTP/AVP 100 6 0 8 3 18 5 101</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">a=rtpmap:100 speex/16000</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">a=rtpmap:101 telephone-event/8000</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">a=fmtp:101 0-11</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">a=alt:1 1 : DF50DC48 0000001F 0.0.0.0 7628</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:16px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] sofia.c:7739 (sofia/external/7750@<my IP>) State Change CS_NEW -> CS_INIT</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:604 (sofia/external/7750@<my IP>) State NEW</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:585 (sofia/external/7750@<my IP>) Running State Change CS_INIT (Cur 1 Tot 7822)</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:628 (sofia/external/7750@<my IP>) State INIT</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] mod_sofia.c:93 sofia/external/7750@<my IP> SOFIA INIT</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:40 sofia/external/7750@<my IP> Standard INIT</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:48 (sofia/external/7750@<my IP>) State Change CS_INIT -> CS_ROUTING</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:628 (sofia/external/7750@<my IP>) State INIT going to sleep</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:585 (sofia/external/7750@<my IP>) Running State Change CS_ROUTING (Cur 1 Tot 7822)</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_channel.c:2332 (sofia/external/7750@<my IP>) Callstate Change DOWN -> RINGING</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:644 (sofia/external/7750@<my IP>) State ROUTING</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] mod_sofia.c:154 sofia/external/7750@<my IP> SOFIA ROUTING</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(175,173,36)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [DEBUG] switch_core_state_machine.c:236 sofia/external/7750@<my IP> Standard ROUTING</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(52,188,38)"><span style="font-variant-ligatures:no-common-ligatures">2021-03-16 15:52:02.267501 [INFO] mod_dialplan_xml.c:637 Processing 7750 <7750>->900442037697855 in context public</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:14px;line-height:normal;font-family:Menlo;color:rgb(52,188,38)"><span style="font-variant-ligatures:no-common-ligatures"><br></span></p>I thought fail2ban was designed for stuff like this, but I don't see any auth attempts here (I set "log-auth-failures" to "true"). These are coming in a bit faster than 1 per second. It appears they are dialing random extensions. How can I make them stop?</div><div><br></div><div>-- </div><div>Steve</div></div>
_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" rel="noreferrer" target="_blank">https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" rel="noreferrer" target="_blank">https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div>
_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" rel="noreferrer" target="_blank">https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" rel="noreferrer" target="_blank">https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div>
_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" rel="noreferrer" target="_blank">https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" rel="noreferrer" target="_blank">https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div>