[Freeswitch-users] attack, still no ip address logging
Brian West
brian at freeswitch.org
Sun Nov 21 09:59:25 PST 2010
Ok my mistake I thought this fail2ban setup did that but its only auth failures to register or invite... But you should also be able to get them into the logs with a few lines of patching..
iptables -A INPUT -p udp --dport 5060 -m limit --limit 5/s --limit-burst 5 -i eth0 -j REJECT
Try that iptables rule also.
/b
On Nov 21, 2010, at 8:45 AM, covici at ccs.covici.com wrote:
> Hi. I was attacked by that famous Friendly scanner, but in the fs logs
> it did not give the ip address -- I had to put the siptrace on to get
> the address and dropped all packets. The strange thing was even after
> dropping the ip address using shorewall, it kept going for a while -- I
> restarted fs and that seemed to fix things, I am not sure if this was a
> coincidence or not.
>
> I would urge the devs to put the ip address in the request registration
> or somewhere other than the bad password so fail2ban can be configured
> to drop the ip address.
>
> I don't mean to bother people, but it was a pain and I couldn't make any
> calls for some time till I fixed things manually.
>
> --
> Your life is like a penny. You're going to lose it. The question is:
> How do
> you spend it?
>
> John Covici
> covici at ccs.covici.com
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
More information about the FreeSWITCH-users
mailing list