[Freeswitch-users] What kind of attack is this?

Mimiko vbvbrj at gmail.com
Mon Oct 14 22:05:39 MSD 2013


On 14.10.2013 20:55, Ken Rice wrote:
> There are counter attacks for sipvicious, the author has intentionally
> left ways to counter strike... This is something that fail2ban and
> others are out there for... Building them into freeswitch itself would
> create even more overhead and probably couldn’t do as good of a job as a
> purpose-built IDS

Fail2ban must be separate from FS, as it can be used to monitor other
services hosted on the same machine, even an SSH server.

Although the attacker's IP was blocked, I still see this in the logs:
Where does sofia/internal_A.B.C.D/100 at A.B.C.D come from?

35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:48:51.690475 [NOTICE] 
switch_channel.c:1034 New Channel sofia/internal_A.B.C.D/100 at A.B.C.D 
[35a84dc8-0a11-449a-9a81-aa0a6ad75ab6]
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:48:51.690475 [DEBUG] 
switch_core_session.c:1010 Send signal 
sofia/internal_A.B.C.D/100 at A.B.C.D [BREAK]
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:48:51.690475 [DEBUG] 
switch_core_session.c:1010 Send signal 
sofia/internal_A.B.C.D/100 at A.B.C.D [BREAK]
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:48:51.690475 [DEBUG] 
switch_core_state_machine.c:418 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Running State Change CS_NEW
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:48:51.690475 [DEBUG] 
switch_core_state_machine.c:436 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State NEW
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:48:51.810383 [DEBUG] 
switch_core_session.c:1010 Send signal 
sofia/internal_A.B.C.D/100 at A.B.C.D [BREAK]
2013-10-14 20:48:51.810383 [DEBUG] sofia.c:1787 detaching session 
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 
[WARNING] switch_core_state_machine.c:517 
9ed841f1-b75d-4462-b8c4-100b976d3567 sofia/internal_A.B.C.D/100 at A.B.C.D 
Abandoned
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [NOTICE] 
switch_core_state_machine.c:520 Hangup 
sofia/internal_A.B.C.D/100 at A.B.C.D [CS_NEW] [WRONG_CALL_STATE]
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_channel.c:3139 Send signal sofia/internal_A.B.C.D/100 at A.B.C.D [KILL]
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_session.c:1345 Send signal 
sofia/internal_A.B.C.D/100 at A.B.C.D [BREAK]
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:418 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Running State Change CS_HANGUP
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:681 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State HANGUP
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
mod_sofia.c:465 Channel sofia/internal_A.B.C.D/100 at A.B.C.D hanging up, 
cause: WRONG_CALL_STATE
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:48 sofia/internal_A.B.C.D/100 at A.B.C.D 
Standard HANGUP, cause: WRONG_CALL_STATE
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:681 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State HANGUP going to sleep
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:694 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Callstate Change DOWN -> HANGUP
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:449 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State Change CS_HANGUP -> CS_REPORTING
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_session.c:1345 Send signal 
sofia/internal_A.B.C.D/100 at A.B.C.D [BREAK]
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:418 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Running State Change CS_REPORTING
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:766 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State REPORTING
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:92 sofia/internal_A.B.C.D/100 at A.B.C.D 
Standard REPORTING, cause: WRONG_CALL_STATE
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:766 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State REPORTING going to sleep
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:443 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State Change CS_REPORTING -> CS_DESTROY
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_session.c:1345 Send signal 
sofia/internal_A.B.C.D/100 at A.B.C.D [BREAK]
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_session.c:1553 Session 85 
(sofia/internal_A.B.C.D/100 at A.B.C.D) Locked, Waiting on external entities
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [NOTICE] 
switch_core_session.c:1571 Session 85 
(sofia/internal_A.B.C.D/100 at A.B.C.D) Ended
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [NOTICE] 
switch_core_session.c:1575 Close Channel 
sofia/internal_A.B.C.D/100 at A.B.C.D [CS_DESTROY]
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:568 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Callstate Change HANGUP -> DOWN
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:571 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Running State Change CS_DESTROY
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:581 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State DESTROY
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
mod_sofia.c:375 sofia/internal_A.B.C.D/100 at A.B.C.D SOFIA DESTROY
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:99 sofia/internal_A.B.C.D/100 at A.B.C.D 
Standard DESTROY
9ed841f1-b75d-4462-b8c4-100b976d3567 2013-10-14 20:48:56.370468 [DEBUG] 
switch_core_state_machine.c:581 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State DESTROY going to sleep
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 
[WARNING] switch_core_state_machine.c:517 
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 sofia/internal_A.B.C.D/100 at A.B.C.D 
Abandoned
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [NOTICE] 
switch_core_state_machine.c:520 Hangup 
sofia/internal_A.B.C.D/100 at A.B.C.D [CS_NEW] [WRONG_CALL_STATE]
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_channel.c:3139 Send signal sofia/internal_A.B.C.D/100 at A.B.C.D [KILL]
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_session.c:1345 Send signal 
sofia/internal_A.B.C.D/100 at A.B.C.D [BREAK]
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:418 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Running State Change CS_HANGUP
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:681 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State HANGUP
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
mod_sofia.c:465 Channel sofia/internal_A.B.C.D/100 at A.B.C.D hanging up, 
cause: WRONG_CALL_STATE
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:48 sofia/internal_A.B.C.D/100 at A.B.C.D 
Standard HANGUP, cause: WRONG_CALL_STATE
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:681 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State HANGUP going to sleep
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:694 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Callstate Change DOWN -> HANGUP
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:449 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State Change CS_HANGUP -> CS_REPORTING
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_session.c:1345 Send signal 
sofia/internal_A.B.C.D/100 at A.B.C.D [BREAK]
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:418 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Running State Change CS_REPORTING
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:766 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State REPORTING
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:92 sofia/internal_A.B.C.D/100 at A.B.C.D 
Standard REPORTING, cause: WRONG_CALL_STATE
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:766 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State REPORTING going to sleep
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:443 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State Change CS_REPORTING -> CS_DESTROY
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_session.c:1345 Send signal 
sofia/internal_A.B.C.D/100 at A.B.C.D [BREAK]
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_session.c:1553 Session 86 
(sofia/internal_A.B.C.D/100 at A.B.C.D) Locked, Waiting on external entities
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [NOTICE] 
switch_core_session.c:1571 Session 86 
(sofia/internal_A.B.C.D/100 at A.B.C.D) Ended
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [NOTICE] 
switch_core_session.c:1575 Close Channel 
sofia/internal_A.B.C.D/100 at A.B.C.D [CS_DESTROY]
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:568 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Callstate Change HANGUP -> DOWN
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:571 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
Running State Change CS_DESTROY
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:581 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State DESTROY
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
mod_sofia.c:375 sofia/internal_A.B.C.D/100 at A.B.C.D SOFIA DESTROY
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:99 sofia/internal_A.B.C.D/100 at A.B.C.D 
Standard DESTROY
35a84dc8-0a11-449a-9a81-aa0a6ad75ab6 2013-10-14 20:49:01.830470 [DEBUG] 
switch_core_state_machine.c:581 (sofia/internal_A.B.C.D/100 at A.B.C.D) 
State DESTROY going to sleep

-- 
Mimiko desu.
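
The log above repeats one pattern: a channel is created, never leaves CS_NEW, and is hung up as abandoned with WRONG_CALL_STATE. One way to turn that pattern into a detection signal for an external monitor, as an added example that is not part of the original post (the function names, threshold and window are assumptions, and the sample lines are constructed):

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the format of the log above; the UUIDs, channel
# names and 192.0.2.x addresses are placeholders, not values from the post.
SAMPLE_LOG = """\
11111111-1111-4111-8111-111111111111 2013-10-14 20:48:56.370468 [NOTICE] switch_core_state_machine.c:520 Hangup sofia/internal/100@192.0.2.10 [CS_NEW] [WRONG_CALL_STATE]
11111111-1111-4111-8111-111111111111 2013-10-14 20:48:56.370468 [DEBUG] mod_sofia.c:465 Channel sofia/internal/100@192.0.2.10 hanging up, cause: WRONG_CALL_STATE
22222222-2222-4222-8222-222222222222 2013-10-14 20:49:01.830470 [NOTICE] switch_core_state_machine.c:520 Hangup sofia/internal/100@192.0.2.10 [CS_NEW] [WRONG_CALL_STATE]
33333333-3333-4333-8333-333333333333 2013-10-14 20:49:03.000000 [NOTICE] switch_core_state_machine.c:520 Hangup sofia/internal/1001@192.0.2.10 [CS_EXECUTE] [NORMAL_CLEARING]
44444444-4444-4444-8444-444444444444 2013-10-14 20:49:06.100000 [NOTICE] switch_core_state_machine.c:520 Hangup sofia/internal/100@192.0.2.10 [CS_NEW] [WRONG_CALL_STATE]
55555555-5555-4555-8555-555555555555 2013-10-14 20:52:00.000000 [NOTICE] switch_core_state_machine.c:520 Hangup sofia/internal/200@192.0.2.10 [CS_NEW] [WRONG_CALL_STATE]
"""

# Match only the NOTICE-level hangup of a channel that never left CS_NEW, so the
# DEBUG lines repeating the same cause are not counted a second time.
HANGUP_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) \[NOTICE\] "
    r"\S+ Hangup (?P<chan>\S+) \[CS_NEW\] \[WRONG_CALL_STATE\]"
)

def abandoned_hangups(log_text):
    """Yield (timestamp, channel) for every abandoned-in-CS_NEW hangup."""
    for line in log_text.splitlines():
        m = HANGUP_RE.search(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"), m["chan"]

def flag_channels(log_text, max_events=3, window=timedelta(seconds=60)):
    """Return {channel: peak count} for channels reaching max_events in one window."""
    seen = defaultdict(list)
    for ts, chan in abandoned_hangups(log_text):
        seen[chan].append(ts)
    flagged = {}
    for chan, stamps in seen.items():
        stamps.sort()
        best = start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= max_events:
            flagged[chan] = best
    return flagged
```

The example groups by channel name only; mapping a flagged channel to the address that a ban action would use is outside what it shows.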


