[Freeswitch-users] connexion attempts behing a firewall (wtf?)

Brian Foster bdfoster at endigotech.com
Mon Mar 12 02:21:01 MSK 2012 

This happens all the time. You need fail2ban set up properly. There are
articles on both the freeswitch and fusionpbx wikis. I run a public server
and I get people doing scans all the time. Does it worry me? No. Of course
not. That's what fail2ban and other measures are for. Don't need to get all
tinfoil hat about this.
On Mar 11, 2012 7:09 PM, "Bzzz" <lazyvirus at gmx.com> wrote:

> Hi,
>
> I just setup an FS svr w/ fusionpbx (only ext.+users created), and I
> found THAT in the FS log:
>
> 2012-03-11 16:51:30.795812 [DEBUG] sofia.c:7567 IP 72.55.156.56 Rejected
> by acl "domains". Falling back to Digest auth.
> 2012-03-11 16:51:30.795812 [WARNING] sofia_reg.c:1422 SIP auth challenge
> (INVITE) on sofia profile 'internal' for [88775950945170 at 86.68.18.226]
> from ip 72.55.156.56
> 2012-03-11 16:51:31.115813 [DEBUG] sofia.c:7567 IP 72.55.156.56 Rejected
> by acl "domains". Falling back to Digest auth.
> 2012-03-11 16:51:31.115813 [WARNING] sofia_reg.c:1422 SIP auth challenge
> (INVITE) on sofia profile 'internal' for [011441212790583 at 86.68.18.226]
> from ip 72.55.156.56
> 2012-03-11 16:51:31.985813 [DEBUG] sofia.c:7567 IP 72.55.156.56 Rejected
> by acl "domains". Falling back to Digest auth.
> 2012-03-11 16:51:31.985813 [WARNING] sofia_reg.c:1422 SIP auth challenge
> (INVITE) on sofia profile 'internal' for [00441212790587 at 86.68.18.226]
> from ip 72.55.156.56
> 2012-03-11 16:51:33.015828 [DEBUG] sofia.c:7567 IP 72.55.156.56 Rejected
> by acl "domains". Falling back to Digest auth.
> 2012-03-11 16:51:33.015828 [WARNING] sofia_reg.c:1422 SIP auth challenge
> (INVITE) on sofia profile 'internal' for [000441212790581 at 86.68.18.226]
> from ip 72.55.156.56
>
> How can this freak reach my svr as I'm in my LAN and my modem box
> integrates a firewall.
>
> Oook (but not): just checked my box and found that there are 4
> uPNP new rules:
>  0       UDP     5060    192.168.1.25    5060
>  1       TCP     5060    192.168.1.25    5060
>  2       UDP     5080    192.168.1.25    5080
>  3       TCP     5080    192.168.1.25    5080
>
> I understand FS is opening these ports to be reached by external
> subscribers, but where can I stop it to do so until I made my
> internal tests, change these ports and limited VoIP to TLS only?
>
> JY
> --
> masturbation, n.:
>        Coming unscrewed.
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120311/d7bd5759/attachment-0001.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list