[Freeswitch-users] (no subject)

Steven Ayre steveayre at gmail.com
Wed Oct 22 04:46:25 MSD 2014


Also, do you know how the password was gained? If it was brute-forced, look
at implementing a secure password policy and using fail2ban to detect and
block brute-forcing attacks.

On Wednesday, October 22, 2014, Stanislav Sinyagin <ssinyagin at gmail.com>
wrote:

> (now on a normal keyboard)
> Kamil,
>
> when you use the "limit" application and increase the user's counter, it
> keeps its value only within the context where it was originally called. If
> you, for example, used pieces of the original (Vanilla) FreeSWITCH
> configuration, there are bind_meta_app bindings which send the call into
> another context ("features"). Once it's done, the user's limit counter is
> lost, and you need to increment it again in the new context.
>
> Also, why don't you implement daily and monthly minute limits and block
> the user as soon as these limits are reached?
>
> On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
>
>> Limit resets as soon as the call leaves the context - could that be the
>> reason?
>> On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <kamil.nigmatullin at gmail.com> wrote:
>>
>>> Dear all,
>>>
>>> Today we had an attack. One of our clients lost the password to his SIP
>>> account. So with this password attackers made calls on our client's behalf
>>> to very expensive destinations.
>>>
>>> We have OpenSIPS as a border controller and FreeSWITCH as a softswitch.
>>> This phone was configured for 1 concurrent line using the limit module of FS.
>>> However, they somehow managed to make several concurrent calls per one
>>> account. In the CDRs we found that there was an attended transfer. Does anybody
>>> know what kind of attack that was and how I can protect us against this?
>>> Is it a SIP REFER attack where the attacker sets the Referred-By header?
>>>
>>> When I check whether the limit works with a SIP phone, I see that it worked 100%.
>>>
>>> Thanks in advance
>>>
>>> --
>>> Kamil Nigmatullin
>>> Tel: 77272323748
>>> mob: 7 (707) 2517003
>>> Skype: kamil.nigmatullin
>>>
>>
>
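
As an added example (not part of any message in this thread), one way to check CDRs after the fact for the two conditions discussed above: more concurrent calls than the account's line limit, and a daily minute cap being exceeded. The CDR row layout, the sample rows and the thresholds are constructed assumptions, not FreeSWITCH's CDR format.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample CDR rows: (account, call start, call end).
CDRS = [
    ("1001", "2014-10-21 20:00:00", "2014-10-21 20:30:00"),
    ("1001", "2014-10-21 20:05:00", "2014-10-21 20:45:00"),
    ("1001", "2014-10-21 20:10:00", "2014-10-21 20:20:00"),
    ("1002", "2014-10-21 09:00:00", "2014-10-21 09:10:00"),
    ("1002", "2014-10-21 09:10:00", "2014-10-21 09:15:00"),
]

def peak_concurrency(cdrs):
    """Highest number of simultaneously active calls per account (sweep line)."""
    events = defaultdict(list)
    for account, start, end in cdrs:
        events[account].append((datetime.strptime(start, FMT), 1))
        events[account].append((datetime.strptime(end, FMT), -1))
    peaks = {}
    for account, evs in events.items():
        # At equal timestamps -1 sorts before +1, so back-to-back calls
        # are not counted as overlapping.
        evs.sort()
        live = peak = 0
        for _, delta in evs:
            live += delta
            peak = max(peak, live)
        peaks[account] = peak
    return peaks

def daily_minutes(cdrs):
    """Total minutes per (account, day); a call is booked on its start day."""
    totals = defaultdict(float)
    for account, start, end in cdrs:
        s, e = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
        totals[(account, s.date().isoformat())] += (e - s).total_seconds() / 60
    return dict(totals)

def flag(cdrs, max_lines=1, max_daily_minutes=60):
    """Return (account, rule, observed value) for every exceeded limit."""
    alerts = [(a, "concurrency", p)
              for a, p in sorted(peak_concurrency(cdrs).items()) if p > max_lines]
    alerts += [(a, "daily_minutes", m)
               for (a, _day), m in sorted(daily_minutes(cdrs).items())
               if m > max_daily_minutes]
    return alerts
```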