[Freeswitch-users] needs some advice to secure my system

Michael Giagnocavo mgg at giagnocavo.net
Tue Feb 14 19:40:46 MSK 2012


ACL'ing like folks have suggested should help. But the problem is these attacks don't always stop just because you've stopped responding. I've seen multi-day sustained scans at 30Mbps, but I'm sure they go much higher.

As folks have suggested, run SIP on another port to avoid detection, and only open your firewall on 5060 for absolute necessities.

I was under the impression that Canadian bandwidth limits were more for DSL and the like. If you get a colo'd machine or something, you should not have problems with caps, right?

-Michael

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Philippe Le Toquin
Sent: Tuesday, February 07, 2012 7:42 AM
To: FreeSWITCH-users at lists.freeswitch.org
Subject: [Freeswitch-users] needs some advice to secure my system

Hello,

Sorry to ask like that but could someone points me to some site that explains exactly what I need to open towards the internet so that
my FS server is working while limiting its visibility?

since 1st of February I have an IP that continually sends me SIP Register request at a rate of 70KB/s. I have complained to my internet
provider but they refuse to help saying that the problem is on my side. I also logged a complain to the provider on that IP and am waiting on that.

At the moment on my firewall I opened port 5060 and 5080 (well now I blocked as well that IP) but I want to know if both are really needed or if I could block one of them
 or may be limit the port to some IP.

Any help/links will be gladly received

thanks

/Philippe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120214/b219db65/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list