[Freeswitch-users] Receives call From Unknown Extensions

Luis Daniel Lucio Quiroz luis.daniel.lucio at gmail.com
Wed Dec 24 04:17:47 MSK 2014


Dont worry, your are a target of a kiddy script. As you dont use
numeric extensions, they wont authenticate.  And as you are using
multitenant, they should be targering the IP (as domain, for example
100 at 1.1.1.1) instead 100 at yourdomain.  So they wont be able to
authenticate (if multidomain is on).

CDR will still show the failled call. Its normal, FS is reporting a
failed attempt.

2014-12-22 17:55 GMT-05:00 Thomas Auge <auge at virtues.net>:
> To eliminate the guessing, check the logs which route the calls took through the system. It should contain the clues you
> need. You might need to up the log level a bit ...
>
>
> On 22.12.2014 19:44, Lloyd Aloysius wrote:
>> Fail2Ban is running in the system
>>
>> I do not have any default dial plans or extensions.
>>
>>
>>
>>
>>
>> On Mon, Dec 22, 2014 at 5:35 PM, Thomas Auge <auge at virtues.net <mailto:auge at virtues.net>> wrote:
>>
>>     Do you still have the external domain enabled? I think it routes external calls matching a specific number theme (
>>     ^(10[01][0-9])$ ) to the internal users through the pre-installed dialplan. It listens on different ports (5080/1).
>>     Config is in sip_profiles/external.xml and dialplan/public.xml.
>>
>>     I see an insane amount of brute force attempts against our PBX', so if there is a way to get anywhere, you can expect
>>     people to try it - over and over and over ... I can recommend fail2ban. :-)
>>
>>     Just guessing though, if I'm wrong, someone more knowledgeable will probably chime in. :)
>>
>>
>>     On 22.12.2014 19:16, Lloyd Aloysius wrote:
>>      > Hi All
>>      >
>>      > I have a  multi domain setup. We receive calls from unknown extensions (eg: 100 , 101,1000,1007 etc ).But there is no
>>      >  voice in it.
>>      >
>>      > We do not have any default extensions in the system and all default extensions removed from the system.
>>      >
>>      > Users are authenticated by alphanumeric (like an email username) Eg: mike at mydomain.com <mailto:mike at mydomain.com>
>>     and passwords are very
>>      > complicated.
>>      >
>>      > How someone can call a user without authentication from these extensions?
>>      >
>>      > Please let me know how to solve this issue.
>>      >
>>      > Thanks Lloyd
>>      >
>>      >
>>      >
>>      >
>>      >
>>      > _________________________________________________________________________ Professional FreeSWITCH Consulting
>>      > Services: consulting at freeswitch.org <mailto:consulting at freeswitch.org> http://www.freeswitchsolutions.com
>>      >
>>      > Official FreeSWITCH Sites http://www.freeswitch.org http://confluence.freeswitch.org http://www.cluecon.com
>>      >
>>      > FreeSWITCH-users mailing list FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>      > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>      > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
>>      >
>>
>>
>>     _________________________________________________________________________
>>     Professional FreeSWITCH Consulting Services:
>>     consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>     http://www.freeswitchsolutions.com
>>
>>     Official FreeSWITCH Sites
>>     http://www.freeswitch.org
>>     http://confluence.freeswitch.org
>>     http://www.cluecon.com
>>
>>     FreeSWITCH-users mailing list
>>     FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>     http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>     http://www.freeswitch.org
>>
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org



Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list