[Freeswitch-users] Call Without Authorization

Shahzad Bhatti shahzad.bhatti at g-r-v.com
Sun Mar 2 05:25:31 MSK 2014


Hi everybody,

I am rephrasing my question:

I have a legitimately registered SIP account 1001 on FreeSWITCH,

but some hacker who is not registered on my FreeSWITCH
uses the same 1001 account and makes calls.

I put a condition in the XML dialplan to verify and allow only registered SIP
accounts to call, as:

<condition field="${sofia_contact 1001@freeswitchIP}" expression="^[^@]+@(.+)">

but the hacker found some way to pass the regex through some loophole in my script
and make calls.

dialplan XML:
http://pastebin.freeswitch.org/22054
fs_cli log:
http://pastebin.freeswitch.org/22050
xml_cdr:
http://pastebin.freeswitch.org/22052

I also tried to reproduce the scenario but had no success. Now I want to know
how the hacker made a successful call in the above scenario and what the best
way is to prevent such hacking in future.

Regards

Shahzad Bhatti


---------- Forwarded message ----------
From: Shahzad Bhatti <shahzad.bhatti at g-r-v.com>
Date: Fri, Feb 28, 2014 at 11:51 PM
Subject: Call Without Authorization
To: freeswitch-users at lists.freeswitch.org


Hi everybody,

I created my xml_curl script so that it does not allow unregistered calls, with the
following condition:

<condition field="${sofia_contact {$sipuser}@$domain}" expression="^[^@]+@(.+)">

and it is working, but yesterday a call was originated having the following:

fs_cli log:
http://pastebin.freeswitch.org/22050

xml_cdr:
http://pastebin.freeswitch.org/22052

dialplan XML:
http://pastebin.freeswitch.org/22054

This is only one example of how the hacker breached.

I want to know:
1. How is it possible that this call was originated, as I check a condition
that allows only registered SIP accounts to call?
2. How to prevent this from happening in future?
3. If there is any better way to do that, please inform me.

I checked about 500 calls placed under the given scenario, and many of them
were also answered.

Regards

Shahzad Bhatti
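Added dialplan example (not from the original post, the pastebins, or the FreeSWITCH project) placing the posted sofia_contact condition beside a check that actually binds the call to an authenticated caller. The sofia_contact lookup only reports whether a registration exists in the profile's registration table for that user@domain; it says nothing about whether the INVITE currently being routed came from that registered device, so a caller spoofing From: 1001 passes it for as long as the real 1001 phone stays registered. The sip_authorized channel variable is set to "true" only when the INVITE was digest-challenged and the credentials checked out, which requires auth-calls to be enabled on the SIP profile. Extension names, log text and the assumption that ${domain_name} holds the account domain are illustrative.

```xml
<!-- Added example, not part of the original post or of FreeSWITCH itself.
     Assumes the calling profile has auth-calls="true" and that account
     domains are in ${domain_name}. -->

<!-- The check from the post: passes whenever SOME device is registered as
     ${sip_from_user}@${domain_name}, including when a spoofed INVITE claims
     that user while the legitimate phone is registered. -->
<extension name="account_has_registration" continue="true">
  <condition field="${sofia_contact ${sip_from_user}@${domain_name}}"
             expression="^[^@]+@(.+)">
    <action application="log"
            data="INFO a registration exists for ${sip_from_user}@${domain_name}"/>
  </condition>
</extension>

<!-- The binding check: reject the call unless THIS INVITE was digest-
     authenticated. anti-actions run when the expression does not match. -->
<extension name="require_authenticated_caller" continue="true">
  <condition field="${sip_authorized}" expression="^true$">
    <anti-action application="log"
                 data="WARNING unauthenticated INVITE from ${network_addr} claiming ${sip_from_user}"/>
    <anti-action application="respond" data="403 Forbidden"/>
    <anti-action application="hangup" data="CALL_REJECTED"/>
  </condition>
</extension>
```

Put the second extension before any extension that bridges to a gateway, and keep the profile's auth-calls on; if the profile accepts unchallenged INVITEs from unknown addresses, no dialplan regex on a registration lookup can tell a spoofed 1001 from the real one.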

