
VoIP Mailing List Archives
Mailing list archives for the VoIP community

[Freeswitch-users] Avoiding DDoS with verto?


 
davidswalkabout at gma...
Guest





Posted: Thu Oct 07, 2021 4:21 pm    Post subject: [Freeswitch-users] Avoiding DDoS with verto?

After reading about recent DDoS attacks on VOIP providers in https://www.rtcsec.com/post/2021/09/massive-ddos-attacks-on-voip-providers-and-simulated-ddos-testing/ in which Freeswitch is mentioned, I wondered what current practices are for services that must serve the public Internet.

For example, a service that is purely verto-based seems like it could protect itself in this way:


1) Block requests on all ports (except the verto WSS login) unless the request is from an address that's already part of signaling.


2) To protect signaling, put it behind AWS API Gateway, which provides rate-limiting, and add an authorization check.


Does this seem like it would defend against DDoS? Can FS be configured to do #1?
dujinfang at gmail.com
Guest





Posted: Tue Oct 12, 2021 8:44 pm    Post subject: [Freeswitch-users] Avoiding DDoS with verto?

Maybe tweak some code so it can log the src IP and fail2ban can catch it.

On Fri, Oct 8, 2021 at 5:11 AM David P <davidswalkabout@gmail.com> wrote:

Quote:
After reading about recent DDoS attacks on VOIP providers in https://www.rtcsec.com/post/2021/09/massive-ddos-attacks-on-voip-providers-and-simulated-ddos-testing/ in which Freeswitch is mentioned, I wondered what current practices are for services that must serve the public Internet.

For example, a service that is purely verto-based seems like it could protect itself in this way:


1) Block requests on all ports (except the verto WSS login) unless the request is from an address that's already part of signaling.


2) To protect signaling, put it behind AWS API Gateway, which provides rate-limiting, and add an authorization check.


Does this seem like it would defend against DDoS? Can FS be configured to do #1?




--
About: http://about.me/dujinfang
Blog: http://www.dujinfang.com
Proj:  http://www.freeswitch.org.cn
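
The reply above suggests logging the source IP of verto requests so that fail2ban can act on it. The following is an added example, not code from the thread or from FreeSWITCH: it applies a fail2ban-style threshold (a number of failures inside a time window) to constructed log lines. The log line format, `FAIL_RE` and `ban_candidates` are hypothetical, since the format depends on how the logging is patched in.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format (assumption). Anchored with $ so the address is
# always read from the end of the line, after the client-chosen user name.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*"
    r"verto login failed user=\S+ src_ip=(?P<ip>[0-9a-fA-F:.]+)$"
)

def ban_candidates(lines, maxretry=3, findtime=timedelta(seconds=60)):
    """Return {ip: time of the failure that crossed the threshold}.

    Mirrors fail2ban's maxretry/findtime idea: an address is flagged once it
    produces `maxretry` failures inside a sliding window of `findtime`.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue              # successes and unrelated lines are ignored
        ip = m["ip"]
        if ip in banned:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
2021-10-12 20:00:01 [WARNING] verto login failed user=1000 src_ip=203.0.113.7
2021-10-12 20:00:02 [INFO] verto login ok user=1001 src_ip=198.51.100.20
2021-10-12 20:00:05 [WARNING] verto login failed user=1001 src_ip=203.0.113.7
2021-10-12 20:00:09 [WARNING] verto login failed user=1002 src_ip=203.0.113.7
2021-10-12 20:00:10 [WARNING] verto login failed user=1001 src_ip=198.51.100.20
2021-10-12 20:05:00 [WARNING] verto login failed user=1001 src_ip=198.51.100.20
2021-10-12 20:09:30 [WARNING] verto login failed user=1001 src_ip=198.51.100.20
""".splitlines()

if __name__ == "__main__":
    for ip, when in ban_candidates(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold crossed at {when})")
```

The second address in the sample fails three times as well, but spread over nine minutes, so it stays under the threshold; that is the distinction between a mistyped password and a flood.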