[Freeswitch-users] stop unwanted registration attempts
Jurijs Ivolga
jurijs.ivolga at gmail.com
Wed Aug 3 10:01:59 MSD 2016
Hi,
There is several options:
1) Close your server to outside world with iptables, so only you from
secure location can register.
2) Fail2ban
3) You can put in front Kamailio sip proxy which will handle security(like
allowing registration from specific User-Agent, pike module and etc)
4) You can use iptables to block unwanted traffic from specific user-agent:
http://ithelpblog.com/voice/prevent-or-deny-sip-dos-attack-sip-scanner-by-iptables-firewall/
5) You can use iptables hashlimit to stop flood:
https://wiki.freeswitch.org/wiki/QoS#DoS_REGISTER_Attack_Prevention
Maybe there some other options, this is what I now remember.
With kind regards,
Jurijs
On Wed, Aug 3, 2016 at 7:57 AM, Jungle Boogie <jungleboogie0 at gmail.com>
wrote:
> Hi All,
>
> How do people stop bad registration attempts to freeswitch? Is it pretty
> much impossible so don't worry about it as long as you have fail2ban?
>
> Using sngrep, I see lots of registration attempts like this:
>
> My actual IP has been replaced with 1.2.3.4.
>
> 2016/08/02 21:35:33.397073 195.154.48.130:5080 -> 192.168.0.137:5060
> REGISTER sip:1.2.3.4:5060 SIP/2.0
> Via: SIP/2.0/UDP
> 195.154.48.130:5080;branch=z9hG4bK23552ce85a146013577b3912;rport
> From: "7612" <sip:7612 at 1.2.3.4:5060>;tag=23552ce8ba27
> To: "7612" <sip:7612 at 1.2.3.4:5060>
> Call-ID: ce85a14-4c0e6013-577b3912 at 1.2.3.4
> CSeq: 1 REGISTER
> Contact: "7612" <sip:7612 at 195.154.48.130:5080>
> User-Agent: VaxSIPUserAgent/3.1
> Expires: 1800
> Max-Forwards: 70
> Content-Length: 0
>
> I have these iptables rules:
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -N f2b-freeswitch
> -A INPUT -j f2b-freeswitch
> -A INPUT -p tcp -m string --string "VaxSIPUserAgent/3.1" --algo bm --to
> 65535 -j DROP
> -A INPUT -p udp -m string --string "VaxSIPUserAgent/3.1" --algo bm --to
> 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5080 -m string --string "sipcli" --algo
> bm --to 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5080 -m string --string
> "friendly-scanner" --algo bm --to 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5080 -m string --string "VaxSIPUserAgent"
> --algo bm --to 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5060 -m string --string "sipcli" --algo
> bm --to 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5060 -m string --string
> "friendly-scanner" --algo bm --to 65535 -j DROP
> -A INPUT -p udp -m udp --dport 5060 -m string --string "VaxSIPUserAgent"
> --algo bm --to 65535 -j DROP
> -A INPUT -j f2b-freeswitch
> -A f2b-freeswitch -j RETURN
>
> Are my rules not stopping this registration because it's not being
> recorded in any logs?
>
> How do you stop (or prevent) unwanted registration attempts, even if
> it's a sip scanner?
>
> Thanks!
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160803/ba7c1e1a/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list