[Freeswitch-users] Brute-force attack

Anton Kvashenkin anton.jugatsu at gmail.com
Thu Jun 14 14:58:06 MSD 2012


For example, you don't need to open 5060 port to a whole world, just 5090
(the port you use for connecting road warriors).
http://wiki.freeswitch.org/wiki/Nat
http://wiki.freeswitch.org/wiki/External_profile

2012/6/14 ocset <ocset at the800group.com>

>  Anton
>
> I know nothing about ext-rtp-ip and ext-sip-ip. Could you please explain
> how this will help in making the system more secure?
>
> Thanks
> O
>
> On 14/06/12 16:27, Anton Kvashenkin wrote:
>
> I would suggest to create separate profile for remote workers. For
> example, external-road-warrios. So you can play with ext-rtp-ip and
> ext-sip-ip.
>
> 2012/6/14 Peter Olsson <peter.olsson at visionutveckling.se>
>
>> I use both Windows and Linux systems. As long as you know how to manage
>> both systems, there is not a big difference when it comes to exploits and
>> general security (not anymore anyway, if you use current versions). I would
>> say that the biggest issue here is the knowledge of the people managing the
>> systems. And it's usually more secure to manage a system that you know,
>> then a system you don't know much about, even though that system is
>> considered to be more secure.
>>
>> Lots has happened since Windows 95 :)
>>
>> Anyway, for this kind of setup I would also prefer Linux, but mostly for
>> the possibilites with fail2ban etc, which doesn't exist on Windows. I'm
>> thinking of writiling something similar for Windows, hopefully I get som
>> time for that soon...
>>
>> /Peter
>>
>> 14 jun 2012 kl. 07:51 skrev "Muhammad Shahzad" <
>> shaheryarkh at googlemail.com<mailto:shaheryarkh at googlemail.com>>:
>>
>> I would strongly suggest to move your production system to Linux, which
>> is by far secure and controllable then Windows. Right now, if somebody does
>> not breaks into your voip setup using some bruteforce / DOS attack, s/he
>> can still exploit some hole in Windows to crack your security. Windows is
>> simply not secure enough to production grade performance.
>>
>> Thank you.
>>
>>
>>  On Thu, Jun 14, 2012 at 6:39 AM, Avi Marcus <avi at avimarcus.net<mailto:
>> avi at avimarcus.net>> wrote:
>> That's not necessarily the best kind of password... see
>> http://xkcd.com/936/ and then http://tech.dropbox.com/?p=165
>>
>> -Avi
>>
>>
>>
>>  On Thu, Jun 14, 2012 at 6:23 AM, jay binks <jaybinks at gmail.com<mailto:
>> jaybinks at gmail.com>> wrote:
>> > Strong passwords are a great start, but fail2ban does a little more than
>> > this.
>> >
>> > you could move off port 5060 to something un-conventional, meaning your
>> less
>> > likely to get scanned / brute forced.
>> >
>> > Jay
>> >
>>  > On 14 June 2012 12:27, ocset <ocset at the800group.com<mailto:
>> ocset at the800group.com>> wrote:
>> >>
>> >> Hi
>> >>
>> >> I have deployed Freeswiitch on windows 7 and since there is no fail2ban
>> >> on windows, I was wondering what the real risk is with opening it up to
>> >> the internet. If I was to ensure that all users and passwords were
>> >> extremely difficult to guess (passwords like "2$53E_d7?^2!3s$"), what
>> >> are the risks that I am exposing myself to? Is there a type of DoS for
>> >> voip where hackers can just flood my system with requests simply to be
>> >> malicious?
>> >>
>> >> There are VB windows scripts available that emulate what fail2ban does
>> >> on Linux but I was just wondering whether I really need to implement
>> >> this level of security if I can control the password complexity in
>> >> Freeswitch.
>> >>
>> >> Thanks
>> >> O
>> >>
>> >>
>> >>
>> _________________________________________________________________________
>> >> Professional FreeSWITCH Consulting Services:
>>  >> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
>> >> http://www.freeswitchsolutions.com
>> >>
>> >> 
>> >> 
>> >>
>> >> Official FreeSWITCH Sites
>> >> http://www.freeswitch.org
>> >> http://wiki.freeswitch.org
>> >> http://www.cluecon.com
>> >>
>> >> Join Us At ClueCon - Aug 7-9, 2012
>> >>
>> >> FreeSWITCH-users mailing list
>>  >> FreeSWITCH-users at lists.freeswitch.org<mailto:
>> FreeSWITCH-users at lists.freeswitch.org>
>> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> http://www.freeswitch.org
>> >
>> >
>> >
>> >
>> > --
>> > Sincerely
>> >
>> > Jay
>> >
>> >
>> _________________________________________________________________________
>> > Professional FreeSWITCH Consulting Services:
>>  > consulting at freeswitch.org<mailto:consulting at freeswitch.org>
>> > http://www.freeswitchsolutions.com
>> >
>> > 
>> > 
>> >
>> > Official FreeSWITCH Sites
>> > http://www.freeswitch.org
>> > http://wiki.freeswitch.org
>> > http://www.cluecon.com
>> >
>> > Join Us At ClueCon - Aug 7-9, 2012
>> >
>> > FreeSWITCH-users mailing list
>>  > FreeSWITCH-users at lists.freeswitch.org<mailto:
>> FreeSWITCH-users at lists.freeswitch.org>
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> > http://www.freeswitch.org
>> >
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>>  consulting at freeswitch.org<mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> Join Us At ClueCon - Aug 7-9, 2012
>>
>> FreeSWITCH-users mailing list
>>  FreeSWITCH-users at lists.freeswitch.org<mailto:
>> FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>
>>
>> --
>> Muhammad Shahzad
>> -----------------------------------
>> CISCO Rich Media Communication Specialist (CRMCS)
>> CISCO Certified Network Associate (CCNA)
>> Cell: +92 334 422 40 88
>>  MSN: shari_786pk at hotmail.com<mailto:shari_786pk at hotmail.com>
>> Email: shaheryarkh at googlemail.com<mailto:shaheryarkh at googlemail.com>
>> !DSPAM:4fd978c432761360223007!
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>>  consulting at freeswitch.org<mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> Join Us At ClueCon - Aug 7-9, 2012
>>
>> FreeSWITCH-users mailing list
>>  FreeSWITCH-users at lists.freeswitch.org<mailto:
>> FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>  !DSPAM:4fd978c432761360223007!
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> Join Us At ClueCon - Aug 7-9, 2012
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:consulting at freeswitch.orghttp://www.freeswitchsolutions.com
>
> FreeSWITCH-powered IP PBX: The CudaTel Communication Server
>
> Official FreeSWITCH Siteshttp://www.freeswitch.orghttp://wiki.freeswitch.orghttp://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing listFreeSWITCH-users at lists.freeswitch.orghttp://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-usershttp://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120614/6930bc8c/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list