[Freeswitch-users] (no subject)

Kamil Nigmatullin kamil.nigmatullin at gmail.com
Tue Oct 21 22:42:33 MSD 2014


Dear all,

Today we had an attack. One of our clients lost password to his SIP
account. So with this password attackers made calls on our client's behalf
to very expensive destinations.

We have Opensips as a border controller and Freeswitch as a Softswitch.
This phone was confugured for 1 concurrent line using module limit of FS.
Howerver they somehow managed to make several concurrent calls per one
account. On CDR's we found that there was Attended transfer. Does anybody
knows what kind of attack was that and how I can protect us against this?
Is it sip refer attack when attacker set REFERED BY HEADER?

When I check if limit works whith a sipphone, I see that it worked 100%.

Thanks in advance

-- 
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20141022/c334ff18/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list