[Freeswitch-users] Hacker Attack?

Joao Leme joaocarlosleme at gmail.com
Sun Jan 30 02:39:41 MSK 2011


I just downloaded and compiled the latest Git and a little after starting
freeswitch I'm getting non stop the following:

[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [140 at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236
[WARNING] sofia_reg.c:1247 SIP auth challenge (REGISTER) on sofia profile
‘internal’ for [thomas at 76.XXX.XX.XXX] from ip 212.224.71.236

it's non-stop and doesn't let me do nothing else. After the first time I
went on to vars and changed the 1234 password....restarted and same thing
happened, I also try denying the ip on acl.conf (not sure if has something
to do with it but gave it a try):

<configuration name="acl.conf" description="Network Lists">
        <network-lists>
          <list name="test2" default="allow">
            <node type="deny" host="212.224.71.236" mask="255.255.255.0"/>
          </list>
        </network-lists>
      </configuration>


Restarted the computer but nothing, he (thomas I guess) was back on my console.

Any ideas??? p.s. My computer is on DMZ (I know DMZ is not ideal but is the
only way I got to be able to connect to the internal profile from out of the
office etc).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20110129/376da28b/attachment.html 


More information about the FreeSWITCH-users mailing list