[Freeswitch-users] Receives call From Unknown Extensions

David Villasmil Govea david.villasmil at gmail.com
Wed Dec 24 13:50:36 MSK 2014


Hello,

At the very least I would say need to install and configure fail2ban
urgently,  it block ips which try to authenticate and fail. This saves you
from brute - force attacks.

Regards,

David
On Dec 24, 2014 2:19 AM, "Luis Daniel Lucio Quiroz" <
luis.daniel.lucio at gmail.com> wrote:

> Dont worry, your are a target of a kiddy script. As you dont use
> numeric extensions, they wont authenticate.  And as you are using
> multitenant, they should be targering the IP (as domain, for example
> 100 at 1.1.1.1) instead 100 at yourdomain.  So they wont be able to
> authenticate (if multidomain is on).
>
> CDR will still show the failled call. Its normal, FS is reporting a
> failed attempt.
>
> 2014-12-22 17:55 GMT-05:00 Thomas Auge <auge at virtues.net>:
> > To eliminate the guessing, check the logs which route the calls took
> through the system. It should contain the clues you
> > need. You might need to up the log level a bit ...
> >
> >
> > On 22.12.2014 19:44, Lloyd Aloysius wrote:
> >> Fail2Ban is running in the system
> >>
> >> I do not have any default dial plans or extensions.
> >>
> >>
> >>
> >>
> >>
> >> On Mon, Dec 22, 2014 at 5:35 PM, Thomas Auge <auge at virtues.net <mailto:
> auge at virtues.net>> wrote:
> >>
> >>     Do you still have the external domain enabled? I think it routes
> external calls matching a specific number theme (
> >>     ^(10[01][0-9])$ ) to the internal users through the pre-installed
> dialplan. It listens on different ports (5080/1).
> >>     Config is in sip_profiles/external.xml and dialplan/public.xml.
> >>
> >>     I see an insane amount of brute force attempts against our PBX', so
> if there is a way to get anywhere, you can expect
> >>     people to try it - over and over and over ... I can recommend
> fail2ban. :-)
> >>
> >>     Just guessing though, if I'm wrong, someone more knowledgeable will
> probably chime in. :)
> >>
> >>
> >>     On 22.12.2014 19:16, Lloyd Aloysius wrote:
> >>      > Hi All
> >>      >
> >>      > I have a  multi domain setup. We receive calls from unknown
> extensions (eg: 100 , 101,1000,1007 etc ).But there is no
> >>      >  voice in it.
> >>      >
> >>      > We do not have any default extensions in the system and all
> default extensions removed from the system.
> >>      >
> >>      > Users are authenticated by alphanumeric (like an email username)
> Eg: mike at mydomain.com <mailto:mike at mydomain.com>
> >>     and passwords are very
> >>      > complicated.
> >>      >
> >>      > How someone can call a user without authentication from these
> extensions?
> >>      >
> >>      > Please let me know how to solve this issue.
> >>      >
> >>      > Thanks Lloyd
> >>      >
> >>      >
> >>      >
> >>      >
> >>      >
> >>      >
> _________________________________________________________________________
> Professional FreeSWITCH Consulting
> >>      > Services: consulting at freeswitch.org <mailto:
> consulting at freeswitch.org> http://www.freeswitchsolutions.com
> >>      >
> >>      > Official FreeSWITCH Sites http://www.freeswitch.org
> http://confluence.freeswitch.org http://www.cluecon.com
> >>      >
> >>      > FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:
> FreeSWITCH-users at lists.freeswitch.org>
> >>      > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>      > UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
> >>      >
> >>
> >>
> >>
>  _________________________________________________________________________
> >>     Professional FreeSWITCH Consulting Services:
> >>     consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> >>     http://www.freeswitchsolutions.com
> >>
> >>     Official FreeSWITCH Sites
> >>     http://www.freeswitch.org
> >>     http://confluence.freeswitch.org
> >>     http://www.cluecon.com
> >>
> >>     FreeSWITCH-users mailing list
> >>     FreeSWITCH-users at lists.freeswitch.org <mailto:
> FreeSWITCH-users at lists.freeswitch.org>
> >>     http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>     UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>     http://www.freeswitch.org
> >>
> >>
> >>
> >>
> >>
> _________________________________________________________________________
> >> Professional FreeSWITCH Consulting Services:
> >> consulting at freeswitch.org
> >> http://www.freeswitchsolutions.com
> >>
> >> Official FreeSWITCH Sites
> >> http://www.freeswitch.org
> >> http://confluence.freeswitch.org
> >> http://www.cluecon.com
> >>
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
> >>
> >
> >
> > _________________________________________________________________________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20141224/537833ed/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list