[Freeswitch-users] stop unwanted registration attempts

Jungle Boogie jungleboogie0 at gmail.com
Wed Aug 3 08:57:12 MSD 2016


Hi All,

How do people stop bad registration attempts to freeswitch? Is it pretty
much impossible so don't worry about it as long as you have fail2ban?

Using sngrep, I see lots of registration attempts like this:

My actual IP has been replaced with 1.2.3.4.

2016/08/02 21:35:33.397073 195.154.48.130:5080 -> 192.168.0.137:5060
REGISTER sip:1.2.3.4:5060 SIP/2.0
Via: SIP/2.0/UDP
195.154.48.130:5080;branch=z9hG4bK23552ce85a146013577b3912;rport
From: "7612" <sip:7612 at 1.2.3.4:5060>;tag=23552ce8ba27
To: "7612" <sip:7612 at 1.2.3.4:5060>
Call-ID: ce85a14-4c0e6013-577b3912 at 1.2.3.4
CSeq: 1 REGISTER
Contact: "7612" <sip:7612 at 195.154.48.130:5080>
User-Agent: VaxSIPUserAgent/3.1
Expires: 1800
Max-Forwards: 70
Content-Length: 0

I have these iptables rules:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-freeswitch
-A INPUT -j f2b-freeswitch
-A INPUT -p tcp -m string --string "VaxSIPUserAgent/3.1" --algo bm --to
65535 -j DROP
-A INPUT -p udp -m string --string "VaxSIPUserAgent/3.1" --algo bm --to
65535 -j DROP
-A INPUT -p udp -m udp --dport 5080 -m string --string "sipcli" --algo
bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5080 -m string --string
"friendly-scanner" --algo bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5080 -m string --string "VaxSIPUserAgent"
--algo bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5060 -m string --string "sipcli" --algo
bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5060 -m string --string
"friendly-scanner" --algo bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5060 -m string --string "VaxSIPUserAgent"
--algo bm --to 65535 -j DROP
-A INPUT -j f2b-freeswitch
-A f2b-freeswitch -j RETURN

Are my rules not stopping this registration because it's not being
recorded in any logs?

How do you stop (or prevent) unwanted registration attempts, even if
it's a sip scanner?

Thanks!




Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list