[Freeswitch-users] freeswitch hack

Mario Karakanovski mario at ims.bg
Thu Feb 21 09:35:52 MSK 2013


In my situation all calls are rejected, but I think it is because they are
authenticated with an invalid username.

My concern is how one can authenticate in FreeSWITCH with a user that does
not exist and was never configured. I was not able to reproduce that.

What I found so far: they use a couple of IPs. They send OPTIONS (only one
time) during the day and start trying at night. They tried a maximum of 100
calls.

I am still waiting to log some packets.

 

Mario 

 

  _____  

From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Michael
Collins
Sent: Wednesday, February 20, 2013 10:41 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] freeswitch hack

 

Aren't they supposed to be rejected?

On Wed, Feb 20, 2013 at 11:19 AM, Blake Priddy <bpriddy at bryantschools.org>
wrote:

I have also had the situation that there are calls getting rejected.

 

On Wed, Feb 20, 2013 at 11:08 AM, Michael Collins <msc at freeswitch.org>
wrote:

 

On Wed, Feb 20, 2013 at 1:53 AM, Mario Karakanovski <mario at ims.bg> wrote:

Thanks Ken,

 

It is helpful, but I still think there is some security issue. I've
double-checked the configuration. I've tried to reproduce the issue by
trying to make a direct call (TCP and UDP) or authenticate with an invalid
user, but everything works as expected - calls/authentication were rejected.
I've decided to log the traffic - maybe I will be able to see where the
problem is.

 

What "security issue"? You said that they cannot make calls with the
passwords that they've guessed, correct? About the only thing left to do is
set up fail2ban  <http://wiki.freeswitch.org/wiki/Fail2ban> and just shut
the door on them when they fail too many times.

-Michael

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org





 

-- 


Blakelund Priddy

Network Systems Engineer
Bryant Public School District
Bryant, Arkansas 72022
 <http://www.bryantschools.org/> http://www.bryantschools.org

p 501-653-5038
f 501-847-5656






-- 
Michael S Collins
Twitter: @mercutioviz
http://www.FreeSWITCH.org
http://www.ClueCon.com
http://www.OSTAG.org
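
As an added illustration (not part of the original thread and not FreeSWITCH or fail2ban code), the following Python example shows the threshold logic behind the fail2ban suggestion above: count authentication failures per source IP inside a sliding window, mirroring fail2ban's `maxretry` and `findtime`. The log line shape, the profile name, the function names and the sample addresses are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line shape, modelled on sofia auth-failure warnings; adjust to your logs.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ \[WARNING\] sofia_reg\.c:\d+ "
    r"SIP auth failure \((?P<method>[A-Z]+)\) on sofia profile '[^']+' "
    r"for \[(?P<user>[^\]]*)\] from ip (?P<ip>[0-9A-Fa-f.:]+)\s*$"
)

def find_offenders(lines, max_retry=5, find_time=timedelta(minutes=10)):
    """Map each source IP to the time it reached max_retry failures within find_time.

    Lines are expected in chronological order, as in a log file.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in offenders:
            continue              # unrelated line, or IP already flagged
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            offenders[m["ip"]] = ts
    return offenders

def _line(ts, method, user, ip):
    # Builds one constructed sample line; 203.0.113.10 stands in for the server.
    return (f"{ts}.000000 [WARNING] sofia_reg.c:1478 SIP auth failure ({method}) "
            f"on sofia profile 'internal' for [{user}@203.0.113.10] from ip {ip}")

# Constructed sample: a night-time burst from one IP, two mistyped passwords
# an hour apart from another, and one unrelated log line.
SAMPLE = (
    [_line(f"2013-02-21 02:14:{s:02d}", "INVITE", str(100 + s), "198.51.100.23")
     for s in range(6)]
    + [_line(f"2013-02-21 {h:02d}:30:00", "REGISTER", "1001", "192.0.2.50")
       for h in (9, 10)]
    + ["2013-02-21 02:14:09.000000 [NOTICE] switch_channel.c:1 unrelated line"]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"ban candidate {ip}: threshold reached at {when}")
```

With the defaults, only the burst source is flagged; the address with two failures an hour apart stays below the threshold.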
