<div dir="ltr"><div>maybe tweak some code so it can log the src ip and fail2ban can catch it.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Oct 8, 2021 at 5:11 AM David P <<a href="mailto:davidswalkabout@gmail.com">davidswalkabout@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">After reading about recent DDoS attacks on VOIP providers in <a href="https://www.rtcsec.com/post/2021/09/massive-ddos-attacks-on-voip-providers-and-simulated-ddos-testing/" target="_blank">https://www.rtcsec.com/post/2021/09/massive-ddos-attacks-on-voip-providers-and-simulated-ddos-testing/</a> in which Freeswitch is mentioned, I wondered what current practices are for services that must serve the public Internet.<div dir="auto"><br></div><div dir="auto">For example, a service that is purely verto-based seems like it could protect itself in this way:</div><div dir="auto"><br></div><div dir="auto">1) Block requests on all ports (except the verto WSS login) unless the request is from an address that's already part of signaling.</div><div dir="auto"><br></div><div dir="auto">2) To protect signaling, put it behind AWS API Gateway, which provides rate-limiting, and add an authorization check.</div><div dir="auto"><br></div><div dir="auto">Does this seem like it would defend against DDoS? Can FS be configured to do #1?</div></div>
_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" rel="noreferrer" target="_blank">https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" rel="noreferrer" target="_blank">https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">About: <a href="http://about.me/dujinfang" target="_blank">http://about.me/dujinfang</a><br>Blog: <a href="http://www.dujinfang.com" target="_blank">http://www.dujinfang.com</a><br>Proj:  <a href="http://www.freeswitch.org.cn" target="_blank">http://www.freeswitch.org.cn</a></div></div>