freeswitch-acl-reject Configuration

« freeswitch-acl-reject »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:freeswitchspoofable:0MITRE:T1190confidence:3

Detect freeswitch acl rejects

Installation

cscli scenarios install crowdsecurity/freeswitch-acl-reject

Description

FreeSWITCH has the option to set trusted ACL's this will detect when a request is rejected due to the ACL. An IP will have 15 attempts before being blocked.

YAML Configuration

1type: leaky
2name: crowdsecurity/freeswitch-acl-reject
3description: "Detect freeswitch acl rejects"
4filter: "evt.Meta.service == 'freeswitch' && evt.Meta.sub_type == 'acl_reject'"
5leakspeed: "10s"
6capacity: 15
7groupby: evt.Meta.source_ip
8blackhole: 1m
9labels:
10  confidence: 3
11  spoofable: 0
12  classification:
13    - attack.T1190
14  behavior: "http:exploit"
15  label: "CVE-2018-13379"
16  remediation: true
17  service: freeswitch
18

Hub configuration

« freeswitch-acl-reject »v0.2 by crowdsecurityAttack scenarioremediation:trueservice:freeswitchspoofable:0MITRE:T1190confidence:3

« freeswitch-acl-reject »
v0.2 by crowdsecurity
Attack scenarioremediation:trueservice:freeswitchspoofable:0MITRE:T1190confidence:3