[Freeswitch-users] Hacking FS issue
Todd Bailey
toddb at toddbailey.net
Wed Sep 26 22:28:04 MSD 2012
Hey All,
I just got an email from Frontier that there were several attempts to
make international calls.
I checked the log file and verified that somehow someone was able to get
access to FS from the internet.
Here is a sample of the log:
2012-09-23 16:30:29.916821 [NOTICE] switch_channel.c:941 New Channel sofia/internal/1000 at 50.47.85.167 [af778857-0188-4ed2-a82a-94ae749a02cb]
2012-09-23 16:30:29.916821 [INFO] mod_dialplan_xml.c:485 Processing 1000 <1000>->01137168521352 in context default
2012-09-23 16:30:29.936831 [NOTICE] switch_channel.c:941 New Channel sofia/internal/01137168521352 at 192.168.1.5:5061 [d1243a78-c464-45fa-9215-e7b85e1221fc]
2012-09-23 16:30:29.956842 [NOTICE] sofia.c:6132 Ring-Ready sofia/internal/01137168521352 at 192.168.1.5:5061!
2012-09-23 16:30:29.956842 [NOTICE] mod_sofia.c:2572 Ring-Ready sofia/internal/1000 at 50.47.85.167!
2012-09-23 16:30:29.956842 [NOTICE] switch_ivr_originate.c:519 Ring Ready sofia/internal/1000 at 50.47.85.167!
2012-09-23 16:30:32.936826 [NOTICE] sofia.c:6777 Channel [sofia/internal/01137168521352 at 192.168.1.5:5061] has been answered
2012-09-23 16:30:32.956825 [NOTICE] sofia_glue.c:4176 Pre-Answer sofia/internal/1000 at 50.47.85.167!
2012-09-23 16:30:32.956825 [NOTICE] switch_ivr_originate.c:3303 Channel [sofia/internal/1000 at 50.47.85.167] has been answered
2012-09-23 16:30:52.356865 [NOTICE] switch_channel.c:941 New Channel sofia/internal/1000 at 50.47.85.167 [4576bc76-144a-4f6f-8915-871b511c374d]
2012-09-23 16:30:52.376830 [INFO] mod_dialplan_xml.c:485 Processing 1000 <1000>->01137168905352 in context default
At this point I'm at a loss how this is happening as I have multiple
firewalls in place that limit port access.
Can someone provide a few pointers on how to better secure FS running on
Linux systems?
Thanks
--
-
-
- Best Regards,
-
- Todd Bailey
-
-
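
As an added example (not part of the original post, and not FreeSWITCH code): a Python log triage script that pairs each dialplan "Processing" entry with the source address of the most recent "New Channel" for the same extension, and reports international destinations dialed from a non-private address. The 011 prefix check, the pairing by extension number, and the last two sample lines (a LAN phone, 1001) are assumptions constructed for the illustration.

```python
import ipaddress
import re

# Sample input: four entries from the post above (ANSI colour codes removed) plus
# two constructed lines for a LAN phone (1001) that must not be flagged.
# The list archive renders "@" as " at "; the parser accepts both forms.
SAMPLE_LOG = """\
2012-09-23 16:30:29.916821 [NOTICE] switch_channel.c:941 New Channel sofia/internal/1000 at 50.47.85.167 [af778857-0188-4ed2-a82a-94ae749a02cb]
2012-09-23 16:30:29.916821 [INFO] mod_dialplan_xml.c:485 Processing 1000 <1000>->01137168521352 in context default
2012-09-23 16:30:52.356865 [NOTICE] switch_channel.c:941 New Channel sofia/internal/1000 at 50.47.85.167 [4576bc76-144a-4f6f-8915-871b511c374d]
2012-09-23 16:30:52.376830 [INFO] mod_dialplan_xml.c:485 Processing 1000 <1000>->01137168905352 in context default
2012-09-23 16:31:10.000000 [NOTICE] switch_channel.c:941 New Channel sofia/internal/1001@192.168.1.20 [00000000-0000-0000-0000-000000000001]
2012-09-23 16:31:10.020000 [INFO] mod_dialplan_xml.c:485 Processing 1001 <1001>->01144200000000 in context default
"""

# Channel name: sofia/<profile>/<user>@<ip>[:port]
NEW_CHANNEL = re.compile(
    r"New Channel sofia/[^/\s]+/(?P<user>[^@\s]+)(?:@| at )(?P<ip>\d+(?:\.\d+){3})")
# Dialplan entry: Processing <name> <<number>>-><destination> in context <context>
PROCESSING = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} [\d:.]+) \[INFO\] mod_dialplan_xml\.c:\d+ "
    r"Processing .*?<(?P<ext>[^>]*)>->(?P<dest>\S+) in context (?P<ctx>\S+)")
INTL_PREFIX = "011"  # assumption: North American international prefix, as in the log


def find_suspect_calls(log_text, intl_prefix=INTL_PREFIX):
    """Return international calls routed for an extension seen on a public IP."""
    last_ip = {}  # extension -> source IP of its most recent New Channel (heuristic)
    hits = []
    for line in log_text.splitlines():
        m = NEW_CHANNEL.search(line)
        if m:
            last_ip[m["user"]] = ipaddress.ip_address(m["ip"])
            continue
        m = PROCESSING.search(line)
        if not m:
            continue
        src = last_ip.get(m["ext"])
        if src is not None and not src.is_private and m["dest"].startswith(intl_prefix):
            hits.append({"time": m["ts"], "extension": m["ext"], "source_ip": str(src),
                         "destination": m["dest"], "context": m["ctx"]})
    return hits


if __name__ == "__main__":
    for hit in find_suspect_calls(SAMPLE_LOG):
        print(hit)
```

On the sample it reports the two calls from 50.47.85.167 and ignores the LAN phone; both were routed in context default.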