[Freeswitch-users] Brute-force attack

Dave R. Kompel drk at drkngs.net
Thu Jun 14 21:22:47 MSD 2012 

The problem with that, is it's parsing the windows event log. You could add scripts/code to FS to write failures to the application event log (or a custom one), but that's a lot more work then just putting all the code to do it all in a managed DLL that can be invoked via mod_managed. No external processes, no invoking PowerShelll or WScript/CScript.  
   
On another note, if you want to do this w/ external scripts or other external methods of interfacing w/ freeswitch, you may want to play with the RC (RTM is about 60 days away) of Windows 8/Server 2012. WMF 3.0 (Windows Managment Framework 3.0) has been extended so that the HTTP interfaces which were only SOAP WS-Managment in v2, have been extended to more endpoints, including REST/XML and OData (www.odata.org like the google or Netflix APIs). This makes it easy to do directly from any scripting language or external system.  
   
--Dave
      _____  

  From: Andrew Cassidy [mailto:andrew at cassidywebservices.co.uk]
To: FreeSWITCH Users Help [mailto:freeswitch-users at lists.freeswitch.org]
Sent: Thu, 14 Jun 2012 04:29:23 -0700
Subject: Re: [Freeswitch-users] Brute-force attack

It IS possible to use windows 7 powershell scripts run on a schedule to dynamically add and remove firewall rules, it's something a firend and I did before for RDP. The RDP version is here:  http://www.jonsdocs.org.uk/wiki/index.php/PSLogonFailures   

  
I'm sure with a little tweaking it can be made to work with freeswitch log files.

  
On 14 June 2012 11:58, Anton Kvashenkin <anton.jugatsu at gmail.com> wrote:
  For example, you don't need to open 5060 port to a whole world, just 5090 (the port you use for connecting road warriors). http://wiki.freeswitch.org/wiki/Nat   http://wiki.freeswitch.org/wiki/External_profile   
  


  
2012/6/14 ocset <ocset at the800group.com>
    
Anton

I know nothing about ext-rtp-ip and ext-sip-ip. Could you please explain how this will help in making the system more secure?

Thanks
O 
  
  

On 14/06/12 16:27, Anton Kvashenkin wrote:   I would suggest to create separate profile for remote workers. For example, external-road-warrios. So you can play with ext-rtp-ip and ext-sip-ip.

  
2012/6/14 Peter Olsson <peter.olsson at visionutveckling.se>
  I use both Windows and Linux systems. As long as you know how to manage both systems, there is not a big difference when it comes to exploits and general security (not anymore anyway, if you use current versions). I would say that the biggest issue here is the knowledge of the people managing the systems. And it's usually more secure to manage a system that you know, then a system you don't know much about, even though that system is considered to be more secure.

Lots has happened since Windows 95 :)

Anyway, for this kind of setup I would also prefer Linux, but mostly for the possibilites with fail2ban etc, which doesn't exist on Windows. I'm thinking of writiling something similar for Windows, hopefully I get som time for that soon...

/Peter

14 jun 2012 kl. 07:51 skrev "Muhammad Shahzad" <shaheryarkh at googlemail.com<mailto:shaheryarkh at googlemail.com>>:
  

I would strongly suggest to move your production system to Linux, which is by far secure and controllable then Windows. Right now, if somebody does not breaks into your voip setup using some bruteforce / DOS attack, s/he can still exploit some hole in Windows to crack your security. Windows is simply not secure enough to production grade performance.

Thank you.


  
On Thu, Jun 14, 2012 at 6:39 AM, Avi Marcus <avi at avimarcus.net<mailto:avi at avimarcus.net>> wrote:
That's not necessarily the best kind of password... see http://xkcd.com/936/ and then http://tech.dropbox.com/?p=165

-Avi



  
On Thu, Jun 14, 2012 at 6:23 AM, jay binks <jaybinks at gmail.com<mailto:jaybinks at gmail.com>> wrote:
> Strong passwords are a great start, but fail2ban does a little more than
> this.
>
> you could move off port 5060 to something un-conventional, meaning your less
> likely to get scanned / brute forced.
>
> Jay
>
  
> On 14 June 2012 12:27, ocset <ocset at the800group.com<mailto:ocset at the800group.com>> wrote:
>>
>> Hi
>>
>> I have deployed Freeswiitch on windows 7 and since there is no fail2ban
>> on windows, I was wondering what the real risk is with opening it up to
>> the internet. If I was to ensure that all users and passwords were
>> extremely difficult to guess (passwords like "2$53E_d7?^2!3s$"), what
>> are the risks that I am exposing myself to? Is there a type of DoS for
>> voip where hackers can just flood my system with requests simply to be
>> malicious?
>>
>> There are VB windows scripts available that emulate what fail2ban does
>> on Linux but I was just wondering whether I really need to implement
>> this level of security if I can control the password complexity in
>> Freeswitch.
>>
>> Thanks
>> O
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
  
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> Join Us At ClueCon - Aug 7-9, 2012
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
  
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
>
>
> --
> Sincerely
>
> Jay
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
  
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> Join Us At ClueCon - Aug 7-9, 2012
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
  
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
  
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

Join Us At ClueCon - Aug 7-9, 2012

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
  
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org




--
Muhammad Shahzad
-----------------------------------
CISCO Rich Media Communication Specialist (CRMCS)
CISCO Certified Network Associate (CCNA)
Cell: +92 334 422 40 88
MSN: shari_786pk at hotmail.com<mailto:shari_786pk at hotmail.com>
Email: shaheryarkh at googlemail.com<mailto:shaheryarkh at googlemail.com>
!DSPAM:4fd978c432761360223007!
  
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
  
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

Join Us At ClueCon - Aug 7-9, 2012

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
  
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


!DSPAM:4fd978c432761360223007!
  
  

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

Join Us At ClueCon - Aug 7-9, 2012

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


   


_________________________________________________________________________  Professional FreeSWITCH Consulting Services:  consulting at freeswitch.org  http://www.freeswitchsolutions.com          Official FreeSWITCH Sites  http://www.freeswitch.org  http://wiki.freeswitch.org  http://www.cluecon.com    Join Us At ClueCon - Aug 7-9, 2012    FreeSWITCH-users mailing list  FreeSWITCH-users at lists.freeswitch.org  http://lists.freeswitch.org/mailman/listinfo/freeswitch-users  UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users  http://www.freeswitch.org  
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

Join Us At ClueCon - Aug 7-9, 2012

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

Join Us At ClueCon - Aug 7-9, 2012

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



  

-- 
Andrew Cassidy BSc (Hons) MBCS SSCA  
Managing Director  
  

  

  
T 03300 100 960  F 03300 100 961  
E andrew at cassidywebservices.co.uk  
W www.cassidywebservices.co.uk
      
   
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120614/c6b16a1e/attachment-0001.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list