[Freeswitch-users] Brute-force attack
jack at livecall.com
Thu Jun 14 09:43:57 MSD 2012
I have run into this same problem with win2003. You may need to check
to see if windows 7 has IPSEC service.
If so, you can set up a blocked list in ipsec that you can add ip
addresses to and windows won't let them into your machine.
Click on Start menu
choose Administrative Tools
Find IPSEC Services - double click to open properties - make sure it is
set to Automatic and started.
You can create the block list by issuing the following commands from a
netsh ipsec static add filteraction name=Block action=block
netsh ipsec static add filter filterlist=BlockList
netsh ipsec static add policy name=Block assign=yes activatedefaultrule=no
netsh ipsec static add rule name=BlockList policy=Block
netsh ipsec static delete filter filterlist=BlockList
create a directory called blockip
now in notepad create blockip.bat with the following line in it:
netsh ipsec static add filter filterlist=BlockList srcaddr=%1 dstaddr=me
Now , in notepad, createunblockip.bat with the following line in it:
netsh ipsec static delete filter filterlist=BlockList srcaddr=%1 dstaddr=me
to block ip address 126.96.36.199 type blockip 188.8.131.52
at a command prompt.
to unblock ip address 184.108.40.206 type unblockip 220.127.116.11
at a command prompt.
You can use xml_curl to keep track of hit frequency and do the blocking
hope that helps....
On 6/13/2012 7:27 PM, ocset wrote:
> I have deployed Freeswiitch on windows 7 and since there is no fail2ban
> on windows, I was wondering what the real risk is with opening it up to
> the internet. If I was to ensure that all users and passwords were
> extremely difficult to guess (passwords like "2$53E_d7?^2!3s$"), what
> are the risks that I am exposing myself to? Is there a type of DoS for
> voip where hackers can just flood my system with requests simply to be
> There are VB windows scripts available that emulate what fail2ban does
> on Linux but I was just wondering whether I really need to implement
> this level of security if I can control the password complexity in
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> Official FreeSWITCH Sites
> Join Us At ClueCon - Aug 7-9, 2012
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users