[Freeswitch-users] Inbound calls without registering

Avi Marcus avi at avimarcus.net
Fri Jun 14 18:01:30 MSD 2013


Indeed. There's more risk exposing SIP accounts to all IPs (they can be
hacked/brute forced) than a straightforward public context. As far as I can
tell, you can set up the public context to be impervious to toll calls....
you might get some CDR spam, though.

-Avi

On Fri, Jun 14, 2013 at 4:49 PM, Matt Broad <matt at inveroak.com> wrote:

> Thanks for the suggestions Cal.  I do already have firewall settings in
> place on all ports so should be nice and secure from that point :)  I was
> thinking (and should probably be more clear) more about the toll fraud side
> of things, but I guess if I keep the public context well away from the
> default there should be no cross over.
>
>
> thanks
> Matt
>
>
> On 14 June 2013 14:37, Cal Leeming [Simplicity Media Ltd] <
> cal.leeming at simplicitymedialtd.co.uk> wrote:
>
>> There are hundreds, if not thousands, of ways your FS instance can become
>> compromised and vulnerable to toll fraud (or even remote execution,
>> depending on what you put in your config!).
>>
>> I'd personally advise not leaving your 5080 open to the wide internet,
>> consider putting it behind a firewall and allow only your providers to
>> contact 5080, and if possible, block 5060 as well (if you know the
>> IPs/CIDRs your phones are connecting in from).  You can also use acl.conf
>> to manage these restrictions, but if you are new to FS then it's very easy
>> to get this wrong.
>>
>> Others may argue that using a firewall is overkill, and in some ways
>> complicates your deployment, but if you are new to FS then it's better to
>> be safe than sorry.
>>
>> If you haven't done so already, start having a look through the FS wiki
>> [1], and the examples provided in the FS repo [2] [3].
>>
>> Hope this helps!
>>
>> Cal
>>
>> [1] http://wiki.freeswitch.org/
>> [2] http://wiki.freeswitch.org/wiki/Default_config
>> [3] https://github.com/FreeSWITCH/FreeSWITCH/tree/master/conf/vanilla
>>
>> On Fri, Jun 14, 2013 at 2:15 PM, Matt Broad <matt at inveroak.com> wrote:
>>
>>> Hi,
>>>
>>> after taking a look it does seem that the calls are coming in on port
>>> 5060 which uses the internal context.
>>>
>>> If I have the provider send the traffic to port 5080, does this mean I
>>> just need to set up a dialplan in the public folder? And if so is there
>>> anything I should be aware of in regards to security?
>>>
>>> thanks
>>> Matt
>>>
>>>
>>> On 14 June 2013 14:04, Matt Broad <matt at inveroak.com> wrote:
>>>
>>>> thanks for the quick response Avi.
>>>> I have set up a test account with the provider and have set a number to
>>>> be directed to me without authentication.
>>>>
>>>> I see the call coming in but get the output:
>>>>
>>>> [WARNING] sofia_reg.c:2503 Can't find user [trunk1 at ipaddress]
>>>> You must define a domain called 'ipaddress' in your directory and add a
>>>> user with the id="trunk1" attribute
>>>> and you must configure your device to use the proper domain in it's
>>>> authentication credentials.
>>>>
>>>> (trunk1 and ipaddress are masks for the actual values).
>>>>
>>>>
>>>> Thanks
>>>> Matt
>>>>
>>>>
>>>> On 14 June 2013 12:47, Avi Marcus <avi at avimarcus.net> wrote:
>>>>
>>>>> By default the external profile is on port 5080 --calls to that
>>>>> profile don't require authentication, and get sent to the public context.
>>>>>
>>>>> -Avi
>>>>> On Jun 14, 2013 2:12 PM, "Matt Broad" <matt at inveroak.com> wrote:
>>>>>
>>>>>>  Hi,
>>>>>>
>>>>>> I have a Freeswitch server up and running and am able to make and
>>>>>> receive calls via my VOIP provider.
>>>>>> I have it set up that my Freeswitch registers to the provider and
>>>>>> then I receive/make calls via that gateway.
>>>>>>
>>>>>> I now have a new provider that will be providing just inbound calls.
>>>>>>  They have informed me that I do not need to register with them they will
>>>>>> just send the calls to my IP address.
>>>>>> My question is how do I configure Freeswitch to allow calls from an
>>>>>> IP address? I assume I need to set up an external SIP profile, but does this
>>>>>> not require a username and password?
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thanks
>>>>>> Matt
>>>>>>
>>>>>> This email and any attachments to it are confidential and are
>>>>>> intended solely for the use of the individual to whom it is addressed. Any
>>>>>> views or opinions expressed are solely those of the author and do not
>>>>>> necessarily represent those of InverOak Limited.
>>>>>>
>>>>>> If you are not the intended recipient of this email, you must neither
>>>>>> take any action based upon its contents, nor copy or show it to anyone.
>>>>>> Please contact the sender if you believe you have received this email in
>>>>>> error.
>>>>>>
>>>>>> This email including any attachments cannot be guaranteed to be 100%
>>>>>> secure or error-free as information could be intercepted, corrupted, lost,
>>>>>> destroyed, out-dated, or containing viruses. The sender therefore does not
>>>>>> accept liability for any errors or omissions in the contents of this
>>>>>> message which arise as a result of email transmission.
>>>>>>
>>>>>> InverOak Limited is a company registered in England & Wales under
>>>>>> company number 04529594, whose registered address is Old Barn house, 2
>>>>>> Wannions Close, Botley, Chesham, Buckinghamshire, HP5 1YA, United Kingdom.
>>>>>>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org
>>>>>> http://www.freeswitchsolutions.com
>>>>>>
>>>>>> 
>>>>>> 
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org
>>>>>> http://wiki.freeswitch.org
>>>>>> http://www.cluecon.com
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks
>>>> Matt
>>>>
>>>
>>>
>>>
>>> --
>>> Thanks
>>> Matt
>>>
>>
>
>
> --
> Thanks
> Matt
>
>
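
Added example, not part of the thread and not FreeSWITCH project code: a small Python audit of a public-context dialplan for the routes that would let an unauthenticated call arriving on port 5080 reach a trunk or a caller-chosen destination. The sample dialplan, its extension names and the number 442079460000 are constructed, and the three checks are assumptions about what counts as risky, not an exhaustive rule set.

```python
import re
import xml.etree.ElementTree as ET

# Constructed public-context dialplan (not from the thread): one tight DID
# route and two routes that expose more than a single inbound number.
SAMPLE_PUBLIC = r"""
<context name="public">
  <extension name="did_main">
    <condition field="destination_number" expression="^(442079460000)$">
      <action application="transfer" data="1000 XML default"/>
    </condition>
  </extension>
  <extension name="catch_all">
    <condition field="destination_number" expression="^(\d+)$">
      <action application="transfer" data="$1 XML default"/>
    </condition>
  </extension>
  <extension name="relay">
    <condition field="destination_number" expression="^9(\d+)">
      <action application="bridge" data="sofia/gateway/provider/$1"/>
    </condition>
  </extension>
</context>
"""

def audit_public_context(xml_text):
    """Return (extension, finding) pairs for toll-fraud-prone routes."""
    findings = []
    for ext in ET.fromstring(xml_text).iter("extension"):
        name = ext.get("name", "?")
        for cond in ext.iter("condition"):
            expr = cond.get("expression", "")
            # A DID match should be anchored at both ends.
            if cond.get("field") == "destination_number" and not (
                    expr.startswith("^") and expr.endswith("$")):
                findings.append((name, "unanchored destination match"))
            for act in cond.iter("action"):
                app, data = act.get("application", ""), act.get("data", "")
                # Bridging straight to a SIP endpoint from the public context.
                if app == "bridge" and "sofia/" in data:
                    findings.append((name, "bridges unauthenticated call to a trunk"))
                # A capture group ($1, ${1}) lets the caller pick the target.
                if app == "transfer" and re.search(r"\$\{?\d", data):
                    findings.append((name, "caller-chosen number passed to another context"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_public_context(SAMPLE_PUBLIC):
        print(f"{name}: {finding}")
```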