[Freeswitch-users] (no subject)

Stanislav Sinyagin ssinyagin at gmail.com
Tue Oct 21 23:21:22 MSD 2014


Limit resets as soon as the call leaves the context - could that be the
reason?
On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <kamil.nigmatullin at gmail.com>
wrote:

> Dear all,
>
> Today we had an attack. One of our clients lost password to his SIP
> account. So with this password attackers made calls on our client's behalf
> to very expensive destinations.
>
> We have Opensips as a border controller and Freeswitch as a Softswitch.
> This phone was confugured for 1 concurrent line using module limit of FS.
> Howerver they somehow managed to make several concurrent calls per one
> account. On CDR's we found that there was Attended transfer. Does anybody
> knows what kind of attack was that and how I can protect us against this?
> Is it sip refer attack when attacker set REFERED BY HEADER?
>
> When I check if limit works whith a sipphone, I see that it worked 100%.
>
> Thanks in advance
>
> --
> Kamil Nigmatullin
> Tel: 77272323748
> mob: 7 (707) 2517003
> Skype: kamil.nigmatullin
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> 
> 
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20141021/28b6117f/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list