[Freeswitch-users] Outgoing calls from unknown users

Ken Rice krice at freeswitch.org
Fri Feb 22 17:00:34 MSK 2013


This is someone trying to hack your system... This is VERY common... You
will notice that each of these calls are to the same number, but they are
trying different prefixes...

How to avoid this,
A) make sure you are not using the default username and passwords for
registered sip users
B) don't allow unauthenticated calls to go back out to the PSTN
C) Use appropriate firewall rules to only allow places you should be getting
calls from
D) use something like Fail2Ban to block people attempting to make repeated
failed calls/registration attempts in a short period of time...

fail2ban will cu the crap out pretty quick as the attempts are from
automatted scripts...


On 2/22/13 7:26 AM, "Frederick Pruneau" <frederick at targointernet.com> wrote:

> Hi everyone!
> 
> I have found in the log files some international calls from unknown
> extensions. These extensions don't exist in my configuration. I tried to
> block them in my firewall (iptables on my freeswitch server) but they
> always use random IP adresses. Here is a short part of my Master.csv:
> 
> "1001","1001","0015972595646444","2013-02-22 02:05:27","","2013-02-22
> 02:05:27","0","NORMAL_CLEARING","3c876eae-7cbe-11e2-877f-b791adff5763","","","
> ",""
> "1001","1001","9011972595646444","2013-02-22 02:05:28","","2013-02-22
> 02:05:28","0","NORMAL_CLEARING","3d0d058c-7cbe-11e2-8783-b791adff5763","","","
> ",""
> "1001","1001","2011972595646444","2013-02-22 02:05:29","","2013-02-22
> 02:05:29","0","NORMAL_CLEARING","3da55576-7cbe-11e2-8787-b791adff5763","","","
> ",""
> "1001","1001","3011972595646444","2013-02-22 02:05:30","","2013-02-22
> 02:05:30","0","NORMAL_CLEARING","3e4727ca-7cbe-11e2-878b-b791adff5763","","","
> ",""
> "1001","1001","4011972595646444","2013-02-22 02:05:31","","2013-02-22
> 02:05:31","0","NORMAL_CLEARING","3eecc2e8-7cbe-11e2-878f-b791adff5763","","","
> ",""
> "1001","1001","5011972595646444","2013-02-22 02:05:32","","2013-02-22
> 02:05:32","0","NORMAL_CLEARING","3f633b94-7cbe-11e2-8793-b791adff5763","","","
> ",""
> "1001","1001","6011972595646444","2013-02-22 02:05:33","","2013-02-22
> 02:05:33","0","NORMAL_CLEARING","3fc49902-7cbe-11e2-8797-b791adff5763","","","
> ",""
> "1001","1001","7011972595646444","2013-02-22 02:05:33","","2013-02-22
> 02:05:33","0","NORMAL_CLEARING","403c0622-7cbe-11e2-879b-b791adff5763","","","
> ",""
> "1001","1001","8011972595646444","2013-02-22 02:05:34","","2013-02-22
> 02:05:34","0","NORMAL_CLEARING","40e61ef0-7cbe-11e2-879f-b791adff5763","","","
> ",""
> 
> With my configuration, I need to be registered to make a call. I tried
> to call with an unregistered phone and I was not able to make a call. I
> don't know how they are able to do this but I need to block them. Is
> there something that I am missing in my configuration to block unwanted
> extensions to make calls?
> 
> Thanks in advance!
> 
> 
> Fred
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> 
> 
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-- 
Ken
http://www.FreeSWITCH.org
http://www.ClueCon.com
http://www.OSTAG.org
irc.freenode.net #freeswitch





Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list