[Freeswitch-users] freeswitch hack
Mario Karakanovski
mario at ims.bg
Wed Feb 20 10:28:59 MSK 2013
Hi all,
For some days i noticed that somebody was able to register to my
freeswitch and trying to call international numbers. The attack is very
clever as the hacker logs at the night, trying to call international number
10-15 times while changing the prefix and go away.
The sip profile is connected directly to the internet and require
authentication:
auth-calls = true
auth-all-packets = true
There is no IP filtering as the service does not allow setting some.
Firewall blokes all port except TCP and UDP 5060 and required UDP media
ports. The authentication is made by directory.
What I wonder is how ones can authenticated with extension that not exist
and not described anywhere.
Can it be some security issue with freeswitch? Any ideas how to solve the
problem?
Regards,
Mario
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list