[Freeswitch-users] Call Without Authorization

Shahzad Bhatti shahzad.bhatti at g-r-v.com
Mon Mar 3 19:32:11 MSK 2014


Catch the scenario here the hacker use external profile using port 5080
where sofia_contact is not checking and allow to pass the regex if user is
also register on internal profile hence TRUE the regex also and call
proceeds but in external profile configuration file when i make

auth-calls=true

call from hacker ip is not allowed but now i want to know is there any
better or professional way to avoid hacker calls. if any one have any
suggestion do reply me.

thanks in advance

Regards

Shahzad Bhatti

---------- Forwarded message ----------
From: Shahzad Bhatti <shahzad.bhatti at g-r-v.com>
Date: Fri, Feb 28, 2014 at 11:51 PM
Subject: Call Without Authorization
To: freeswitch-users at lists.freeswitch.org


Hi everybody,

i create my xml_curl script as that don't allow unregistered calls with the
following condition
*<condition field=\"\${sofia_contact */{$sipuser}@$domain}\"
expression=\"^[^@]+@(.+)\">*
and its working but yesterday a call is originated from having

*fs_cli log as *
http://pastebin.freeswitch.org/22050

*xml_cdr is*
http://pastebin.freeswitch.org/22052

*dialplan xml is *
http://pastebin.freeswitch.org/22054

this is only example that how the hacker breached

i want to know that
*1.  how it is possible that this call is originated as i check condition
that allow to call only  registered sip accounts.*
*2.  how to prevent that this would not happened in future. *
*3. if there any better way to do that do inform me;*

i check about 500 calls placed under the given scenario and many of them
also answered

Regards

Shahzad Bhatti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140303/8d9478ea/attachment.html 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list