wget -qO - http://www.infiltrated.net/voipabuse/addresses.txt |\
  awk '{print "iptables -A INPUT -s "$1" -j DROP"}'
On Sun, Nov 28, 2010 at 10:39 PM, Gerald Drouillard <gerryl...@drouillard.ca> wrote:
> On 10/15/2010 12:08 PM, Gerald Drouillard wrote:
> > I forget where I got the idea for this but you may want to try something
> > like this to limit the udp connections on 5060:
> >
> > FILE=/etc/rc.local
> > echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set">>$FILE
> > echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 3600 --hitcount 100 -j DROP">>$FILE
> > echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 600 --hitcount 20 -j DROP">>$FILE
> > echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 300 --hitcount 10 -j DROP">>$FILE
> > echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 180 --hitcount 5 -j DROP">>$FILE
> > echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 3 -j DROP">>$FILE
> >
> > To try it out you don't have to put it in the rc.local file, just
> > execute the commands as root. Example:
> >
> > /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set
>
> Having just experienced my first sipvicious attack I would recommend the
> following in rc.local:
>
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 3600 --hitcount 100 -j REJECT
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 600 --hitcount 30 -j REJECT
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 300 --hitcount 20 -j REJECT
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 180 --hitcount 10 -j REJECT
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 6 -j REJECT
>
> Note the use of REJECT instead of DROP.
> Inspiration from this came from:
> http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood/
>
> --
> Regards
> --------------------------------------
> Gerald Drouillard
> Technology Architect
> Drouillard & Associates, Inc.
> http://www.Drouillard.biz
>
> _______________________________________________
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
sip: tgrazi...@voice.myitdepartment.net
Fax: 434.326.5325
Email: tgrazi...@myitdepartment.net

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net

Helpdesk Contract Customers: http://support.myitdepartment.net
Blog: http://blog.myitdepartment.net
Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
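A hardened form of the blocklist one-liner at the top of this message, added here as an example and not code from the thread: it accepts only well-formed IPv4 addresses, de-duplicates them, and emits rules into a dedicated chain that is flushed and rebuilt on every run, so a stray or hostile line in a list fetched over plain HTTP cannot become part of a command executed as root. The chain name VOIPABUSE and the sample list are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Builds iptables commands from a
# blocklist, but only for lines that are valid IPv4 addresses, so the
# fetched file cannot smuggle extra arguments into a root-run command.
# The chain name VOIPABUSE and the sample list below are assumptions.

# Constructed sample of what such a list might contain (not fetched).
SAMPLE_LIST='203.0.113.5
198.51.100.77
not-an-address
203.0.113.5
192.0.2.300
192.0.2.9 # trailing comment'

# Print the commands that (re)create the chain and hook it into INPUT.
# Flushing and refilling a dedicated chain keeps repeated runs idempotent,
# unlike appending straight to INPUT as the one-liner does.
chain_setup_rules() {
    chain="${1:-VOIPABUSE}"
    printf 'iptables -N %s 2>/dev/null || true\n' "$chain"
    printf 'iptables -F %s\n' "$chain"
    # -C checks whether the jump already exists before inserting it
    printf 'iptables -C INPUT -j %s 2>/dev/null || iptables -I INPUT -j %s\n' "$chain" "$chain"
}

# Read a blocklist on stdin and print one DROP rule per valid, unique
# IPv4 address. Rules are printed, not executed, so they can be reviewed
# before being piped to sh.
blocklist_to_rules() {
    chain="${1:-VOIPABUSE}"
    awk -v chain="$chain" '
        { ip = $1 }                                  # first field only, drops trailing comments
        ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {    # dotted quad shape
            split(ip, o, ".")                        # then range-check each octet
            if (o[1]+0 <= 255 && o[2]+0 <= 255 && o[3]+0 <= 255 && o[4]+0 <= 255 && !seen[ip]++)
                print "iptables -A " chain " -s " ip " -j DROP"
        }'
}

# Usage: review the output, then as root:
#   { chain_setup_rules; wget -qO - URL | blocklist_to_rules; } | sh
printf '%s\n' "$SAMPLE_LIST" | blocklist_to_rules
```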