[Freeswitch-users] Brute-force attack

Anton Kvashenkin anton.jugatsu at gmail.com
Thu Jun 14 12:27:23 MSD 2012


I would suggest to create separate profile for remote workers. For example,
external-road-warrios. So you can play with ext-rtp-ip and ext-sip-ip.

2012/6/14 Peter Olsson <peter.olsson at visionutveckling.se>

> I use both Windows and Linux systems. As long as you know how to manage
> both systems, there is not a big difference when it comes to exploits and
> general security (not anymore anyway, if you use current versions). I would
> say that the biggest issue here is the knowledge of the people managing the
> systems. And it's usually more secure to manage a system that you know,
> then a system you don't know much about, even though that system is
> considered to be more secure.
>
> Lots has happened since Windows 95 :)
>
> Anyway, for this kind of setup I would also prefer Linux, but mostly for
> the possibilites with fail2ban etc, which doesn't exist on Windows. I'm
> thinking of writiling something similar for Windows, hopefully I get som
> time for that soon...
>
> /Peter
>
> 14 jun 2012 kl. 07:51 skrev "Muhammad Shahzad" <shaheryarkh at googlemail.com
> <mailto:shaheryarkh at googlemail.com>>:
>
> I would strongly suggest to move your production system to Linux, which is
> by far secure and controllable then Windows. Right now, if somebody does
> not breaks into your voip setup using some bruteforce / DOS attack, s/he
> can still exploit some hole in Windows to crack your security. Windows is
> simply not secure enough to production grade performance.
>
> Thank you.
>
>
> On Thu, Jun 14, 2012 at 6:39 AM, Avi Marcus <avi at avimarcus.net<mailto:
> avi at avimarcus.net>> wrote:
> That's not necessarily the best kind of password... see
> http://xkcd.com/936/ and then http://tech.dropbox.com/?p=165
>
> -Avi
>
>
>
> On Thu, Jun 14, 2012 at 6:23 AM, jay binks <jaybinks at gmail.com<mailto:
> jaybinks at gmail.com>> wrote:
> > Strong passwords are a great start, but fail2ban does a little more than
> > this.
> >
> > you could move off port 5060 to something un-conventional, meaning your
> less
> > likely to get scanned / brute forced.
> >
> > Jay
> >
> > On 14 June 2012 12:27, ocset <ocset at the800group.com<mailto:
> ocset at the800group.com>> wrote:
> >>
> >> Hi
> >>
> >> I have deployed Freeswiitch on windows 7 and since there is no fail2ban
> >> on windows, I was wondering what the real risk is with opening it up to
> >> the internet. If I was to ensure that all users and passwords were
> >> extremely difficult to guess (passwords like "2$53E_d7?^2!3s$"), what
> >> are the risks that I am exposing myself to? Is there a type of DoS for
> >> voip where hackers can just flood my system with requests simply to be
> >> malicious?
> >>
> >> There are VB windows scripts available that emulate what fail2ban does
> >> on Linux but I was just wondering whether I really need to implement
> >> this level of security if I can control the password complexity in
> >> Freeswitch.
> >>
> >> Thanks
> >> O
> >>
> >>
> >>
> _________________________________________________________________________
> >> Professional FreeSWITCH Consulting Services:
> >> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
> >> http://www.freeswitchsolutions.com
> >>
> >> 
> >> 
> >>
> >> Official FreeSWITCH Sites
> >> http://www.freeswitch.org
> >> http://wiki.freeswitch.org
> >> http://www.cluecon.com
> >>
> >> Join Us At ClueCon - Aug 7-9, 2012
> >>
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org<mailto:
> FreeSWITCH-users at lists.freeswitch.org>
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
> >
> >
> >
> >
> > --
> > Sincerely
> >
> > Jay
> >
> > _________________________________________________________________________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org<mailto:consulting at freeswitch.org>
> > http://www.freeswitchsolutions.com
> >
> > 
> > 
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://wiki.freeswitch.org
> > http://www.cluecon.com
> >
> > Join Us At ClueCon - Aug 7-9, 2012
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org<mailto:
> FreeSWITCH-users at lists.freeswitch.org>
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> >
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org<mailto:
> FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
> --
> Muhammad Shahzad
> -----------------------------------
> CISCO Rich Media Communication Specialist (CRMCS)
> CISCO Certified Network Associate (CCNA)
> Cell: +92 334 422 40 88
> MSN: shari_786pk at hotmail.com<mailto:shari_786pk at hotmail.com>
> Email: shaheryarkh at googlemail.com<mailto:shaheryarkh at googlemail.com>
> !DSPAM:4fd978c432761360223007!
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org<mailto:
> FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
> !DSPAM:4fd978c432761360223007!
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120614/242100f1/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list