[Freeswitch-users] Hello hackers!
Cal Leeming [Simplicity Media Ltd]
cal.leeming at simplicitymedialtd.co.uk
Sun Dec 9 18:02:16 MSK 2012
Sounds like I might have slightly misinterpreted your initial email and
jumped too fast to a conclusion, so my apologies for this!
I agree that it's rare to have a discussion about such topics without
things getting hot, and hearing someone else's thoughts on the subject has
been quite interesting.
Cal
On Sun, Dec 9, 2012 at 6:49 AM, Brian Foster <bdfoster at endigotech.com> wrote:
> I appreciate your comments and concerns, and I respect the fact that we
> can talk about this stuff without things getting ugly. My comments are
> below.
>
> -BDF
>
>
> On Sat, Dec 8, 2012 at 11:46 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leeming at simplicitymedialtd.co.uk> wrote:
>
>> Thank you for the detailed response.
>>
>> On Sun, Dec 9, 2012 at 1:29 AM, Brian Foster <bdfoster at endigotech.com> wrote:
>>
>>> The 'bad apple' to which I was referring was using the same IP as a
>>> client of ours. He was trying to DOS the honeypot from an IP I posted on
>>> the mailing list when doing some testing for someone. I have no idea if he
>>> read the post on the mailing list or not. It's not really of my concern.
>>>
>>
>> You know what happens when someone attacks one of our clients?
>>
>> We track them down, introduce them to the CTO/CEO of the company they
>> attacked, and give them an opportunity to prove themselves. I have been
>> involved in this process on several occasions now where the outcome has
>> been extremely positive. I'm not saying this works all the time, but
>> sometimes people don't need punishment, they need guidance.
>>
>
> This is not really a practice of ours because there are so many people out
> there that contribute to the problem. It's too time consuming to educate
> those people. I really wish I could do that, but it's just not feasible. We
> do not actively pursue these abusive IPs nor do we DDOS them or fight back
> in any other way other than fighting back some of the noise through
> blocking those activities on machines we support.
>
>
>>
>>> If you got on the wiki and searched for fail2ban, you would be setting
>>> up your server to jail the same IPs we are under the same circumstances.
>>> The only difference is we log who gets caught by fail2ban and distribute
>>> the list internally.
>>>
>>
>>> We do not release this information per company policy. We also do not
>>> gather this information from other sources. We only use the information we
>>> gather through the processes we put in to place.
>>>
>>> My comment on the 180K IPs was mostly sarcastic, however. It probably
>>> wasn't appropriate and I do apologize for that.
>>>
>>> I'm not exactly up to date on the legalities of releasing that type of
>>> information so we'd rather not release it. It's nothing against the
>>> freeswitch community or the open source community. We just don't like
>>> getting in trouble.
>>>
>>> If we did spend the resources into making sure everything was legal on
>>> the information regarding the 180K IPs, we would certainly release these
>>> free of charge. It's not something I would be interested in making money
>>> from.
>>>
>>
>> The concept is no different to email blacklist databases (e.g. XBL), and
>> there would be no legalities stopping you from releasing this information
>> into the public domain - only internal red tape and policies. I can say
>> this with at least some authority on the subject (although I'm by no means
>> an expert).
>>
>
> I'm open to this idea, but I would have to consult attorneys to do this.
> We operate very cautiously as in we do not operate in grey areas. If this
> is a potential grey area we will certainly take the extra precautions in
> order to prevent legal issues.
>
> This isn't some big company that has endless amounts of resources. We're a
> small business, just like those we support. We also have to consider how
> this affects our clients as well, and we're not about to take the risk of
> operating in a grey area. I can't afford mistakes like that especially
> since we're still a brand new company in the grand scheme of things.
>
>
>> Right now we live in a society where often companies can't/won't share
>> information for one reason or another (I hear the 'company policy' story a
>> lot), but yet feel it's okay to use years of time/development in open
>> source for free. I mean no direct disrespect, I just personally find this
>> quite irritating.
>>
>
> First of all I'd like to introduce you to the CEO of Endigo Computer LLC.
> He's 23 years old, and is currently in school pursuing his Bachelors in
> Computer Science and eventually his Masters. He also works part time at a
> real estate firm. Hi :)
>
> We are not foreign to the open source world. I founded this company back
> in 2010 to help promote the use of open source software. We seek clients
> who are tired of proprietary, non-moldable software for an open-source
> based solution that works for them. Most of our technical staff are hired
> from within the open source community and contribute to various open source
> projects both on and off company time. I'm extremely happy to find people
> who live and breathe the open source philosophy.
>
>
>>
>>> As far as telling this story on a public mailing list, it won't stop
>>> anyone from trying to hack into anyone's server. It does frustrate me that
>>> I have to do any of this stuff at all, but there's always going to be
>>> someone out there trying to screw it up for the rest of us. These servers
>>> are also set up for testing, which is why I use them when trying to help
>>> people on the mailing list. There is really nothing you can do to these
>>> machines to 'screw them up'. They are VPSs. There are no accounts tied to
>>> them. We can change those IPs in a heartbeat. There's really no risk.
>>> Besides, hackers can't read ;)
>>>
>>
>>> The biggest thing you should take away from this post is that I'm pissed
>>> off that I have to go through all of this. Even though it makes our lives
>>> easier in the long run, it's still an expense we could live without.
>>>
>>
>> Giving away IPs shouldn't amount to any concern in the first place
>> though, hence the previous comment about security through obscurity..
>>
>
>> It all comes down to stacking... there is no one big solution, just lots
>> of small solutions (assuming you don't believe those AF/WAF sales guys
>> selling god damn snake oil)
>>
>> Production services really shouldn't be live without at least being
>> behind some form of DPI/SPI appliance (L7 deep/stateful packet inspection).
>>
>> I will agree with you that cost can be a contributing factor.. but hey, I
>> don't like paying tax.. still gotta pay it!
>>
>
> This strategy of using honeypots is certainly not the only tactic we use
> to fight attacks like this. It's just one piece of the puzzle. I can assure
> you there are many other processes in place to actively and passively
> protect the machines we support.
>
>
>>
>>
>>>
>>> Believe it or not the whole reason why I started doing honeypots is that
>>> about 8 months ago I DID release IPs that I shouldn't have, by accident.
>>> Since then I have added more resources to help curb the attacks on other
>>> servers we have contracts on.
>>>
>>
>>>
>>>
>>> -BDF
>>> Sent from my iPhone
>>>
>>> On Dec 8, 2012, at 7:28 PM, "Cal Leeming [Simplicity Media Ltd]" <
>>> cal.leeming at simplicitymedialtd.co.uk> wrote:
>>>
>>> Hi Brian,
>>>
>>> I had contemplated replying off-list, but was interested to hear other
>>> people's thoughts on this too.
>>>
>>> First - could you elaborate further on the 'bad apple' that you found,
>>> exactly what justifies an attempt to 'hack into our phone systems', and why
>>> this person in your story has been fired because of it?
>>>
>>> Second, in reference to the 180k IPs.. There are other companies out
>>> there that share abusive IP information from a variety of sources. Why do
>>> they share? Because it's nice to share. If the FreeSWITCH developers took
>>> the same attitude as your post here, then you wouldn't have FreeSWITCH.
>>>
>>> Third, why are you telling us this on a public mailing list? If the
>>> honeypots are designed to catch people unwittingly, then this post does the
>>> exact opposite. This leads me to think that a more probable story is that
>>> you actually don't have any honey pots (or the story is slightly
>>> exaggerated), and when you realised you gave out potentially damaging
>>> information, you panicked and tried to discourage by asserting this email.
>>> If this is the case, then you are taking the lay approach of security
>>> through obscurity.
>>>
>>> Fourth, if someone is wanting to break into your phone system, they
>>> probably don't care about losing their job.. and if they do, then this post
>>> will just give them more reason to be careful about hiding themselves.
>>>
>>> I apologise in advance if this reply is inappropriate in any way.
>>>
>>> Cal
>>>
>>> On Sat, Dec 8, 2012 at 11:05 PM, Brian Foster <bdfoster at endigotech.com> wrote:
>>>
>>>> Regarding a recent mailing list posting that included some of my IP
>>>> addresses, most of you don't know that I do set up honeypots in hopes of
>>>> catching some of the bad apples that try and hack into our phone systems.
>>>> We have a centralized list of Bad IPs that end up getting sent to all of
>>>> our other servers. Today, one of those servers was an IT guy that works for
>>>> one of my clients. He has since been fired. If anyone is interested in the
>>>> 180,000 IPs I've collected...sorry you can't have 'em.
>>>>
>>>> -BDF
>>>>
>>>> Sent from my iPhone
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>>
>>>>
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>
>
> --
> Brian D. Foster
> Endigo Computer LLC
> Email: bdfoster at endigotech.com
> Phone: 317-800-7876
> Indianapolis, Indiana, USA
>
> This message contains confidential information and is intended for those
> listed in the "To:", "CC:", and/or "BCC:" fields of the message header. If
> you are not the intended recipient you are notified that disclosing,
> copying, distributing or taking any action in reliance on the contents of
> this information is strictly prohibited. E-mail transmission cannot be
> guaranteed to be secure or error-free as information could be intercepted,
> corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
> The sender therefore does not accept liability for any errors or omissions
> in the contents of this message, which arise as a result of e-mail
> transmission. If verification is required please request a hard-copy
> version.
>
>