[Freeswitch-users] Brute-force attack
Dave R. Kompel
drk at drkngs.net
Thu Jun 14 21:03:14 MSD 2012
I already have implmented this a while ago, however it's burried in a product. Now that I see there is some interest, I can pull it out, and make it a standalone module.
It's implmented in a C# module which runs under mod_managed. Has a single IApiPlugin class so that mod_managed will keep it loaded, and so you have an API command to shut it down, so you can replace it while it's running, and another static class that implments INotifyPluginLoaded to start a thread that sits in an EventConsumer loop.
The tracking of failures is done by updating a Dictionary<String, myTrakingClass>() where the Key is the IP address as a string. Since it's very easy to call any WMI/CIMV2 queries/updates from managed code, it can just add and remove either IPSEC filter, or Advanced firewall rules directly.
If you all would like me to do this, please respond. The more the response, the higher it will be on my priority list.
From: jay binks [mailto:jaybinks at gmail.com]
To: FreeSWITCH Users Help [mailto:freeswitch-users at lists.freeswitch.org]
Sent: Thu, 14 Jun 2012 02:55:50 -0700
Subject: Re: [Freeswitch-users] Brute-force attack
On 14 June 2012 16:16, Peter Olsson <peter.olsson at visionutveckling.se> wrote:
Anyway, for this kind of setup I would also prefer Linux, but mostly for the possibilites with fail2ban etc, which doesn't exist on Windows. I'm thinking of writiling something similar for Windows, hopefully I get som time for that soon...
if you do get round to writing something like this let me know. ( not that I even have a windows box )
but when I wrote the patches for FS to do the Fail2Ban compatible logging, I created ESL Events also
with the intention that we could do a FS module "mod_security" or something ( no time given to the name )
it would be fairly simple to move some of the fail2ban functionality into such a module that could either call out to simple scripts or
insert firewall rules its self.
I have some ideas here, and I would probably be interested in working on this with others.
-------------- next part --------------
An HTML attachment was scrubbed...
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users