[Freeswitch-users] freeswitch hack - solved
Mario Karakanovski
mario at ims.bg
Fri Feb 22 09:26:51 MSK 2013
Definitely my fault!
Somebody had opened internet access to the test environment, where the external profile does
not require authentication.
Mario
_____
From: Mario Karakanovski [mailto:mario at ims.bg]
Sent: Thursday, February 21, 2013 8:36 AM
To: 'FreeSWITCH Users Help'
Subject: RE: [Freeswitch-users] freeswitch hack
In my situation all calls are rejected, but I think it is because they are
authenticated with an invalid username.
My concern is how one can authenticate in FreeSWITCH with a user that does not
exist and never was configured. I was not able to reproduce that.
What I found so far: they use a couple of IPs. They send OPTIONS (only one
time) during the day and start trying at night. They tried a maximum of 100
calls.
I am still waiting to log some packets.
Mario
_____
From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Michael
Collins
Sent: Wednesday, February 20, 2013 10:41 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] freeswitch hack
Aren't they supposed to be rejected?
On Wed, Feb 20, 2013 at 11:19 AM, Blake Priddy <bpriddy at bryantschools.org>
wrote:
I have also had the situation where the calls are getting rejected.
On Wed, Feb 20, 2013 at 11:08 AM, Michael Collins <msc at freeswitch.org>
wrote:
On Wed, Feb 20, 2013 at 1:53 AM, Mario Karakanovski <mario at ims.bg> wrote:
Thanks Ken,
It is helpful, but I still think there is some security issue. I've double
checked the configuration. I've tried to reproduce the issue by trying to do a direct
call (TCP and UDP) or authenticate with an invalid user, but everything works
as expected - calls/authentication were rejected. I've decided to log the
traffic - maybe I will be able to see where the problem is.
What "security issue"? You said that they cannot make calls with the
passwords that they've guessed, correct? About the only thing left to do is
set up fail2ban <http://wiki.freeswitch.org/wiki/Fail2ban> and just shut
the door on them when they fail too many times.
-Michael
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
--
Blakelund Priddy
Network Systems Engineer
Bryant Public School District
Bryant, Arkansas 72022
http://www.bryantschools.org
p 501-653-5038
f 501-847-5656
--
Michael S Collins
Twitter: @mercutioviz
http://www.FreeSWITCH.org
http://www.ClueCon.com
http://www.OSTAG.org
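
The pattern reported in this thread (a single OPTIONS request from an address, followed later by a burst of call attempts from the same address) can be picked out of a SIP request log before deciding what to ban. The following is an added example, not code from the thread or from the FreeSWITCH project; the record layout, the thresholds and the documentation-range addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, source IP, SIP method).
# The layout is an assumption; adapt the parsing to your own SIP trace export.
SAMPLE = [
    ("2013-02-20 13:05:11", "203.0.113.7", "OPTIONS"),
    ("2013-02-20 14:00:00", "198.51.100.20", "OPTIONS"),
    ("2013-02-20 14:00:30", "198.51.100.20", "INVITE"),
    ("2013-02-20 15:10:00", "192.0.2.44", "INVITE"),
] + [("2013-02-21 02:%02d:00" % m, "203.0.113.7", "INVITE") for m in range(12)]


def find_probe_then_burst(records, min_invites=10, window=timedelta(hours=1)):
    """Return {ip: invite_count} for sources that sent OPTIONS and later
    sent at least min_invites INVITEs inside one sliding time window."""
    first_options = {}
    invites = defaultdict(list)
    # Timestamps are zero-padded, so sorting the tuples sorts by time.
    for ts, ip, method in sorted(records):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if method == "OPTIONS":
            first_options.setdefault(ip, when)
        elif method == "INVITE":
            invites[ip].append(when)

    flagged = {}
    for ip, probe_time in first_options.items():
        # Only call attempts that follow the probe are counted.
        later = [t for t in invites[ip] if t > probe_time]
        start = 0
        best = 0
        for end in range(len(later)):
            while later[end] - later[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_invites:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, count in find_probe_then_burst(SAMPLE).items():
        print(f"{ip}: OPTIONS probe, then {count} INVITEs within an hour")
```

Addresses flagged this way are candidates for the fail2ban rule suggested above; a source that sends one OPTIONS and one INVITE, or INVITEs with no earlier probe, is not flagged.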