[Freeswitch-users] needs some advice to secure my system

Philippe Le Toquin philippe at ppmt.org
Wed Feb 15 03:30:17 MSK 2012


Thanks I will look at it

Once again thanks all for your advices
On Feb 14, 2012 2:32 PM, "Ken Rice" <krice at freeswitch.org> wrote:

> if do a quick google for crash sip vicious you'll also find his blog entry
> about the counter attack
>
> On Tue, Feb 14, 2012 at 12:43 PM, Michael Collins <msc at freeswitch.org>wrote:
>
>> Also, don't forget that the author of SIPVicious came and spoke to us
>> about his project. He mentioned that most friendly scanners are using an
>> older version of SIPVicious that susceptible to a "retaliatory attack" that
>> will bring the script to a screeching halt.
>>
>> http://wiki.freeswitch.org/wiki/Weekly_Conference_Call (get recording
>> from 2011-04-13)
>>
>> -MC
>>
>>
>> On Tue, Feb 14, 2012 at 9:05 AM, Avi Marcus <avi at avimarcus.net> wrote:
>>
>>> I saw some comments about friendly-scanner that putting a REJECT in
>>> iptables or responding with a SIP 200 OK caused the scanner to stop
>>> nearly immediately. Might be worth looking into..
>>>
>>> -Avi
>>>
>>>
>>> On Tue, Feb 14, 2012 at 6:40 PM, Michael Giagnocavo <mgg at giagnocavo.net>wrote:
>>>
>>>> ACL’ing like folks have suggested should help. But the problem is these
>>>> attacks don’t always stop just because you’ve stopped responding. I’ve seen
>>>> multi-day sustained scans at 30Mbps, but I’m sure they go much higher.*
>>>> ***
>>>>
>>>> ** **
>>>>
>>>> As folks have suggested, run SIP on another port to avoid detection,
>>>> and only open your firewall on 5060 for absolute necessities.****
>>>>
>>>> ** **
>>>>
>>>> I was under the impression that Canadian bandwidth limits were more for
>>>> DSL and the like. If you get a colo’d machine or something, you should not
>>>> have problems with caps, right?****
>>>>
>>>> ** **
>>>>
>>>> -Michael****
>>>>
>>>> ** **
>>>>
>>>> *From:* freeswitch-users-bounces at lists.freeswitch.org [mailto:
>>>> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Philippe
>>>> Le Toquin
>>>> *Sent:* Tuesday, February 07, 2012 7:42 AM
>>>> *To:* FreeSWITCH-users at lists.freeswitch.org
>>>> *Subject:* [Freeswitch-users] needs some advice to secure my system****
>>>>
>>>> ** **
>>>>
>>>> Hello,
>>>>
>>>> Sorry to ask like that but could someone points me to some site that
>>>> explains exactly what I need to open towards the internet so that
>>>> my FS server is working while limiting its visibility?
>>>>
>>>> since 1st of February I have an IP that continually sends me SIP
>>>> Register request at a rate of 70KB/s. I have complained to my internet
>>>> provider but they refuse to help saying that the problem is on my side.
>>>> I also logged a complain to the provider on that IP and am waiting on that.
>>>>
>>>> At the moment on my firewall I opened port 5060 and 5080 (well now I
>>>> blocked as well that IP) but I want to know if both are really needed or if
>>>> I could block one of them
>>>>  or may be limit the port to some IP.
>>>>
>>>> Any help/links will be gladly received
>>>>
>>>> thanks
>>>>
>>>> /Philippe****
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> 
>>>> 
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120214/55796ffb/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list