[Freeswitch-users] What kind of attack is this?

Ken Rice krice at freeswitch.org
Mon Oct 14 21:55:41 MSD 2013


There are counter attacks for sipvicious, the author has intentionally left
ways to counter strike... This is something that fail2ban and others are out
there for... Building them into freeswitch itself would create even more
overhead and probably couldn’t do as good of a job as a purpose-built IDS.


On 10/14/13 12:21 PM, "Martin Cmelik" <martin.cmelik at gmail.com> wrote:

> Wouldn't it be possible to have some IDS countermeasure and attack mitigation
> built directly into FS?
> For example, Snort has more than 100 signatures for SIP attacks, but Snort is
> resource intensive and also can't inspect encrypted traffic.
> 
> Thank you
> 
> S pozdravem / Best regards,
> Martin Čmelík
> 
> Sent from 
> 
> On 14. 10. 2013, at 18:59, Steven Ayre <steveayre at gmail.com> wrote:
> 
>> Remember unless it gets blocked upstream the packet will still hit your
>> firewall/server. Not FreeSWITCH sure, but it'll still consume some resources
>> to receive, identify and block it. The scanner does not care that you're not
>> responding, it'll continue to send anyway.
>> 
>> 
>> On 14 October 2013 15:57, Mimiko <vbvbrj at gmail.com> wrote:
>>> On 14.10.2013 17:54, Ken Rice wrote:
>>>> > This is sipvicious, it's a brute force scanner... See
>>>> > http://wiki.freeswitch.org/wiki/Fail2ban  on how to set up Fail2ban with
>>>> > FreeSWITCH to defeat this attack
>>> 
>>> Ken, thank you. I am planning to set up Fail2ban. But for now I need to
>>> drop any packet from the offending IP.
>>> 
>>> --
>>> Mimiko desu.
>>> 
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>> 
>>> 
>>> 
>>> 
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>> 
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>> 
> 
> 

-- 
Ken
http://www.FreeSWITCH.org
http://www.ClueCon.com
http://www.OSTAG.org
irc.freenode.net #freeswitch
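
The fail2ban approach recommended in this thread, sketched as an added example (not code from the thread, FreeSWITCH or fail2ban): it scans log lines for repeated SIP auth failures and reports source IPs that cross a threshold inside a sliding window. The log line shape, the `max_retry`/`find_time` values and the function name `find_offenders` are assumptions; the sample lines are constructed and use documentation IP ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed FreeSWITCH auth-failure log shape (not shown in the thread).
AUTH_FAIL = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ \[WARNING\] "
    r"sofia_reg\.c:\d+ SIP auth failure \((?:REGISTER|INVITE)\) "
    r"on sofia profile '[^']+' for \[[^\]]*\] from ip (?P<ip>[0-9a-fA-F.:]+)$"
)

def find_offenders(lines, max_retry=3, find_time=timedelta(seconds=60)):
    """Map each offending IP to the time it reached max_retry failures
    within a sliding window of length find_time (lines in time order)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for line in lines:
        m = AUTH_FAIL.match(line.strip())
        if not m or m["ip"] in banned:
            continue              # unrelated line, or IP already flagged
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned

# Constructed sample: one scanner burst, one user with spaced-out typos.
P = "[WARNING] sofia_reg.c:1246 SIP auth failure (REGISTER) on sofia profile 'internal'"
SAMPLE_LOG = f"""\
2013-10-14 17:30:00.000001 {P} for [1001@192.0.2.10] from ip 198.51.100.20
2013-10-14 17:35:00.000001 {P} for [1001@192.0.2.10] from ip 198.51.100.20
2013-10-14 17:40:01.100000 {P} for [100@192.0.2.10] from ip 203.0.113.7
2013-10-14 17:40:01.900000 {P} for [101@192.0.2.10] from ip 203.0.113.7
2013-10-14 17:40:02.400000 [NOTICE] switch_channel.c:1030 New Channel sofia/internal/1001
2013-10-14 17:40:02.700000 {P} for [102@192.0.2.10] from ip 203.0.113.7
2013-10-14 17:40:03.000000 {P} for [103@192.0.2.10] from ip 203.0.113.7
2013-10-14 17:40:30.000001 {P} for [1001@192.0.2.10] from ip 198.51.100.20
"""

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{when} ban candidate: {ip}")
```

The spaced-out failures from 198.51.100.20 never accumulate inside one window, so only the burst source is reported; the resulting addresses are what a firewall drop rule would then act on.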
