Listing attack issue
By Ignat Kononov on 2021-05-26
In this type of brute-force attack, the attacker tries to bypass the standard fail2ban restrictions for FreeSWITCH and ASTPP by enumerating SIP account numbers one after another (brute-force pattern sip: (n + 1)), probably to gain access to the accounts' data.
Listing attack log: 2.png
Fixed with an iptables ban on the source IP:
# iptables -I INPUT -s 193.107.216.182 -j DROP
Ban check:
This is not a complete solution to the problem: if the attacker switches to a different IP, the attack will resume. Blocking such attempts through fail2ban is not reliable either, because the attacker can simply increase the time interval between requests, and blocking the attack without affecting the normal operation of the call server then becomes many times more difficult. In this case, however, the attacker never came back.
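Because a slow sip: (n + 1) scan stays under any rate-based threshold, one way to spot it is to ignore timing and look at which account numbers each source IP has failed on. The following is an added example, not code from the original post: the log layout is a constructed sample modeled on FreeSWITCH auth-failure warnings, and the names `find_enumerators`, `longest_run` and the `min_run` threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines; the message layout is an assumption modeled on
# FreeSWITCH "SIP auth failure" warnings. IPs are documentation addresses.
SAMPLE_LOG = """\
2021-05-26 01:10:00 [WARNING] SIP auth failure (REGISTER) on sofia profile 'internal' for [1000@pbx.example] from ip 203.0.113.7
2021-05-26 03:40:00 [WARNING] SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@pbx.example] from ip 203.0.113.7
2021-05-26 04:02:11 [WARNING] SIP auth failure (REGISTER) on sofia profile 'internal' for [1017@pbx.example] from ip 198.51.100.20
2021-05-26 04:02:19 [WARNING] SIP auth failure (REGISTER) on sofia profile 'internal' for [1017@pbx.example] from ip 198.51.100.20
2021-05-26 06:15:00 [WARNING] SIP auth failure (REGISTER) on sofia profile 'internal' for [1002@pbx.example] from ip 203.0.113.7
2021-05-26 07:30:45 [WARNING] SIP auth failure (REGISTER) on sofia profile 'internal' for [1040@pbx.example] from ip 198.51.100.33
2021-05-26 08:50:00 [WARNING] SIP auth failure (REGISTER) on sofia profile 'internal' for [1003@pbx.example] from ip 203.0.113.7
2021-05-26 09:05:12 [WARNING] SIP auth failure (REGISTER) on sofia profile 'internal' for [1002@pbx.example] from ip 198.51.100.33
2021-05-26 11:20:00 [WARNING] SIP auth failure (REGISTER) on sofia profile 'internal' for [1004@pbx.example] from ip 203.0.113.7
"""

# Captures the numeric account and the source IP of a failed authentication.
LINE_RE = re.compile(
    r"SIP auth failure \(\w+\) .* for \[(\d+)@[^\]]+\] from ip (\S+)")


def longest_run(numbers):
    """Length of the longest n, n+1, n+2, ... run among the distinct numbers."""
    seen = set(numbers)
    best = 0
    for n in seen:
        if n - 1 not in seen:          # n starts a run
            length = 1
            while n + length in seen:
                length += 1
            best = max(best, length)
    return best


def find_enumerators(log_text, min_run=4):
    """Map source IP -> run length for IPs that failed on >= min_run consecutive accounts."""
    accounts_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            accounts_by_ip[m.group(2)].add(int(m.group(1)))
    runs = {ip: longest_run(accts) for ip, accts in accounts_by_ip.items()}
    return {ip: run for ip, run in runs.items() if run >= min_run}


if __name__ == "__main__":
    for ip, run in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: failed auth on {run} consecutive account numbers")
```

A user who repeatedly mistypes the password for one extension, or fails on a couple of unrelated extensions, is not flagged, while the scan spread over ten hours is.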
***
© 4z.com