Details
- Type: New Feature
- Status: Open
- Priority: Minor
- Resolution: Unresolved
- Affects Version/s: 1.2.1
- Fix Version/s: None
- Component/s: mod_sofia
- Labels: None
- Platform: Win32/VS
- FreeSWITCH GIT Revision: Latest build
- Reproduced with GIT HEAD?: Latest build
Description
From time to time I see attempts to make registrations (or to send INVITE requests) from some hostile hosts. They're probing FS and its configuration and so far have never succeeded.
A couple of days ago I observed one crazy host start attacking FreeSWITCH by sending a huge flow of REGISTER requests (at a rate of approximately 70-80 requests per sec). It started early in the morning and went on unattended for several hours. During that time FS made about 10 logs (each 10 MiB in size). The attacker used a dictionary of names, trying to check every name possible. Then it started enumerating numbers from 0 to 9999. Finally it simply got stuck sending requests using just one number... When I discovered that, it was eventually blocked by the firewall...
It'd be nice if FS had a way to protect against such probing attacks automatically, without me watching it closely for any abnormal activity...
If some host tries to send multiple REGISTER requests in a short period of time (usually changing the account name to register), obviously it is trying to break into the switch. It's easy to discover by watching how many requests it sends per min (or even per sec). If it exceeds a limit (preferably set in configuration), it should be blocked for a specified period of time (or even indefinitely). In this case I may leave FS running unattended for a long period of time :).
Additionally, and it's related to this case too, it'd be nice if FS offered a way to permanently block some notorious IPs (ranges of IPs or individual hosts) that always try to break into the switch in order to use it without authorization.
I realize it could be done with a firewall. But those attacks are very behavior-specific and focused on breaking into SIP switches only, and thus could be easily recognized and blocked quite effectively by the switch itself (just when an attack is started).
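The rule requested above (count REGISTER requests per source over a short window, block the source above a configured limit for a set time or indefinitely, and keep a permanent list of addresses and ranges) can be sketched as follows. This is an added example, not FreeSWITCH or mod_sofia code; the class name, parameters, thresholds and sample traffic are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class RegisterGuard:
    """Per-source sliding-window limiter for SIP REGISTER requests (hypothetical)."""
    def __init__(self, limit=20, window=60.0, block_for=3600.0, denylist=()):
        self.limit = limit          # max REGISTERs per source inside the window
        self.window = window        # window length in seconds
        self.block_for = block_for  # block duration in seconds; None = indefinitely
        self.denylist = [ipaddress.ip_network(n) for n in denylist]
        self.seen = defaultdict(deque)  # source IP -> timestamps inside the window
        self.blocked = {}               # source IP -> time at which the block expires

    def allow(self, ts, src):
        """Return True if a REGISTER from src at time ts should be processed."""
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.denylist):
            return False                       # permanent, operator-configured block
        if src in self.blocked:
            if ts < self.blocked[src]:
                return False                   # temporary block still active
            del self.blocked[src]              # block expired, count from scratch
        q = self.seen[src]
        q.append(ts)
        while q and q[0] <= ts - self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) > self.limit:                # limit exceeded: start blocking
            self.blocked[src] = float("inf") if self.block_for is None else ts + self.block_for
            q.clear()
            return False
        return True

def replay(events, guard):
    """Feed (timestamp, source_ip) REGISTER events; return processed count per source."""
    processed = defaultdict(int)
    for ts, src in events:
        if guard.allow(ts, src):
            processed[src] += 1
    return dict(processed)

# Constructed sample traffic (documentation address ranges, not real hosts).
FLOOD = [(i / 75.0, "203.0.113.50") for i in range(750)]    # 10 s at 75 requests/s
PHONE = [(t, "192.0.2.10") for t in (0.0, 1800.0, 3600.0)]  # re-REGISTER every 30 min
BANNED = [(5.0, "198.51.100.7")]                            # inside a denylisted range
EVENTS = sorted(FLOOD + PHONE + BANNED)
```

Requests from a blocked source return before any state is recorded, so a sustained flood does not grow the per-source queue while the block is active.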
Issue Links
- is related to FS-4809: sipdroid SUBSCRIBE bug leads to FS sending hundreds of NOTIFYs consuming all bandwidth
Activity
Mike Jerris
made changes -
| Field | Original Value | New Value |
|---|---|---|
| Fix Version/s | 1.0.7 [ 10001 ] | |
| Affects Version/s | 1.2.1 [ 10012 ] | |
| Affects Version/s | 1.0.7 [ 10001 ] |
Jeff Lenk
made changes -
| Field | Original Value | New Value |
|---|---|---|
| Assignee | Anthony Minessale II [ anthm ] | Jeff Lenk [ jlenk ] |