[Freeswitch-users] Brute-force attack

Dave R. Kompel drk at drkngs.net
Thu Jun 14 21:03:14 MSD 2012 

I already have implmented this a while ago, however it's burried in a product. Now that I see there is some interest, I can pull it out, and make it a standalone module.   
   
It's implmented in a C# module which runs under mod_managed. Has a single IApiPlugin class so that mod_managed will keep it loaded, and so you have an API command to shut it down, so you can replace it while it's running, and another static class that implments INotifyPluginLoaded to start a thread that sits in an EventConsumer loop.   
   
The tracking of failures is done by updating a Dictionary<String, myTrakingClass>() where the Key is the IP address as a string. Since it's very easy to call any WMI/CIMV2 queries/updates from managed code, it can just add and remove either IPSEC filter, or Advanced firewall rules directly.  
   
If you all would like me to do this, please respond. The more the response, the higher it will be on my priority list.  
   
--Dave
      _____  

  From: jay binks [mailto:jaybinks at gmail.com]
To: FreeSWITCH Users Help [mailto:freeswitch-users at lists.freeswitch.org]
Sent: Thu, 14 Jun 2012 02:55:50 -0700
Subject: Re: [Freeswitch-users] Brute-force attack

Hey ..  

  
On 14 June 2012 16:16, Peter Olsson <peter.olsson at visionutveckling.se> wrote:
  Anyway, for this kind of setup I would also prefer Linux, but mostly for the possibilites with fail2ban etc, which doesn't exist on Windows. I'm thinking of writiling something similar for Windows, hopefully I get som time for that soon...

/Peter
  

  
if you do get round to writing something like this let me know.  ( not that I even have a windows box )  
but when I wrote the patches for FS to do the Fail2Ban compatible logging, I created ESL Events also   
with the intention that we could do a FS module "mod_security" or something ( no time given to the name )  

  
it would be fairly simple to move some of the fail2ban functionality into such a module that could either call out to simple scripts or  
insert firewall rules its self.     

  
I have some ideas here, and I would probably be interested in working on this with others.  

  
Jay  
       
   
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120614/f54ddd4d/attachment.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list