SOLVED Can't block IP bruteforcing my PBX

Status
Not open for further replies.

fusionpbxuser888

Hello!

Someone is trying to find a correct extension number to (attempt to) register to my PBX.

Like this:
Code:
1    INVITE     3500@<mypbx-ext-Ip-num>        90048323395006@<mypbx-Ip-gateway>     37.49.229.183:19101    <mypbx-int-ip-num>:5060        CALL SETUP

I tried to have Fail2Ban block it, with a manually-added IP address, but no luck. So I put a rule in iptables myself (this is Debian 10):

Code:
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination        
DROP       all  --  37.49.229.183        anywhere

S/He just keeps coming at me. Why doesn't iptables stop the request from getting to FreeSWITCH?

Thanks... I actually have more serious problems I may post about shortly, but this was annoying me by quickly filling up all the space on the screen in sngrep.
 

ad5ou

sngrep will show traffic even if it isn't making it to FreeSWITCH. Check for FreeSWITCH responses to test if your rules are working.
 

fusionpbxuser888

sngrep will show traffic even if it isn't making it to FreeSWITCH. Check for FreeSWITCH responses to test if your rules are working.

Hmm. That blows my mind a bit, but I guess like a packet sniffer it picks up traffic right off the interface? As you see below (similar but different attacker) there was no response. THANK YOU!


Code:
                                                             INVITE sip:01011972592277524@mypbxIP SIP/2.0
           163.172.230.4:60389             172.16.0.7:5060  │Via: SIP/2.0/UDP 0.0.0.0:60389;branch=z9hG4bK640761392
          ──────────┬─────────          ──────────┬─────────│Max-Forwards: 70
  17:55:25.832800   │        INVITE (SDP)         │         │From: <sip:010111586921145:5060@mypbxIP>;tag=1550460620
                    │ ──────────────────────────> │         │To: <sip:01011972592277524@mypbxIP>
                    │                             │         │Call-ID: 1445230276-501814850-1473650658
                    │                             │         │CSeq: 1 INVITE
                    │                             │         │Contact: <sip:010111586921145:5060@212.129.10.158:60389>
                    │                             │         │User-Agent: pplsip
                    │                             │         │Content-Type: application/sdp
                    │                             │         │Content-Length: 209
                    │                             │         │
                    │                             │         │v=0
                    │                             │         │o=010111586921145:5060 16264 18299 IN IP4 0.0.0.0
                    │                             │         │s=pplsip
                    │                             │         │c=IN IP4 0.0.0.0
                    │                             │         │t=0 0
                    │                             │         │m=audio 25282 RTP/AVP 100 6 0 8 3 18 5 101
                    │                             │         │a=rtpmap:0 pcmu/8000
                    │                             │         │a=rtpmap:101 telephone-event/8000
                    │                             │         │a=fmtp:101 0-11
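
The check suggested in this thread (look for FreeSWITCH responses rather than for incoming packets) can be automated over a capture. The following is an added example, not part of the original posts: the capture tuples, the documentation-range IP addresses and the `classify_sources` helper are all constructed for illustration, and it assumes the capture was taken on the PBX interface, where a sniffer sees packets before the INPUT chain drops them.

```python
from collections import defaultdict

# Constructed sample: one tuple per captured SIP message
# (source IP, destination IP, Call-ID, first line of the message).
PBX_IP = "192.0.2.10"  # assumed PBX address (documentation range)
CAPTURE = [
    # Source dropped by the firewall: requests (and a retransmit), no reply.
    ("198.51.100.7", PBX_IP, "call-a", "INVITE sip:3500@192.0.2.10 SIP/2.0"),
    ("198.51.100.7", PBX_IP, "call-a", "INVITE sip:3500@192.0.2.10 SIP/2.0"),
    # Source that still reaches the PBX: the PBX sends a response back.
    ("203.0.113.9", PBX_IP, "call-b", "INVITE sip:3501@192.0.2.10 SIP/2.0"),
    (PBX_IP, "203.0.113.9", "call-b", "SIP/2.0 407 Proxy Authentication Required"),
    ("203.0.113.9", PBX_IP, "call-b", "ACK sip:3501@192.0.2.10 SIP/2.0"),
]


def classify_sources(capture, pbx_ip):
    """Map each host that sent a SIP request to the PBX to 'answered' or 'silent'.

    'silent' means no response from the PBX to that host appears in the
    capture for any of its Call-IDs, which is what a working DROP rule
    looks like from the wire.
    """
    requests = defaultdict(set)  # source IP -> Call-IDs of requests to the PBX
    answered = set()             # (peer IP, Call-ID) pairs the PBX replied to
    for src, dst, call_id, first_line in capture:
        # SIP responses start with the version; requests start with a method.
        is_response = first_line.startswith("SIP/2.0 ")
        if dst == pbx_ip and not is_response:
            requests[src].add(call_id)
        elif src == pbx_ip and is_response:
            answered.add((dst, call_id))
    return {
        src: "answered" if any((src, c) in answered for c in ids) else "silent"
        for src, ids in requests.items()
    }


if __name__ == "__main__":
    for ip, state in classify_sources(CAPTURE, PBX_IP).items():
        print(f"{ip}: {state}")
```

A blocked address should appear as `silent`; an address listed as `answered` is still getting through to the PBX despite the rule.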
 