[Freeswitch-users] needs some advice to secure my system

Avi Marcus avi at avimarcus.net
Tue Feb 14 20:05:45 MSK 2012


I saw some comments about friendly-scanner that putting a REJECT in
iptables or responding with a SIP 200 OK caused the scanner to stop
nearly immediately. Might be worth looking into..

-Avi


On Tue, Feb 14, 2012 at 6:40 PM, Michael Giagnocavo <mgg at giagnocavo.net>wrote:

> ACL’ing like folks have suggested should help. But the problem is these
> attacks don’t always stop just because you’ve stopped responding. I’ve seen
> multi-day sustained scans at 30Mbps, but I’m sure they go much higher.****
>
> ** **
>
> As folks have suggested, run SIP on another port to avoid detection, and
> only open your firewall on 5060 for absolute necessities.****
>
> ** **
>
> I was under the impression that Canadian bandwidth limits were more for
> DSL and the like. If you get a colo’d machine or something, you should not
> have problems with caps, right?****
>
> ** **
>
> -Michael****
>
> ** **
>
> *From:* freeswitch-users-bounces at lists.freeswitch.org [mailto:
> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Philippe Le
> Toquin
> *Sent:* Tuesday, February 07, 2012 7:42 AM
> *To:* FreeSWITCH-users at lists.freeswitch.org
> *Subject:* [Freeswitch-users] needs some advice to secure my system****
>
> ** **
>
> Hello,
>
> Sorry to ask like that but could someone points me to some site that
> explains exactly what I need to open towards the internet so that
> my FS server is working while limiting its visibility?
>
> since 1st of February I have an IP that continually sends me SIP Register
> request at a rate of 70KB/s. I have complained to my internet
> provider but they refuse to help saying that the problem is on my side. I
> also logged a complain to the provider on that IP and am waiting on that.
>
> At the moment on my firewall I opened port 5060 and 5080 (well now I
> blocked as well that IP) but I want to know if both are really needed or if
> I could block one of them
>  or may be limit the port to some IP.
>
> Any help/links will be gladly received
>
> thanks
>
> /Philippe****
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120214/cd1a3f61/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list