[Freeswitch-users] SDP in re-invite

Kamrul Khan dodul at live.com
Thu Oct 30 03:48:16 MSK 2014 

Hi,

Freeswitch is sending re-invites in each 60 seconds. And it comes with SDP which causes our WebRTC client on Mozilla browser to stop sending media. Is there a way to tell freeswitch not to send the re-invites with SDP? 

From: freeswitch-users-request at lists.freeswitch.org
Subject: FreeSWITCH-users Digest, Vol 100, Issue 106
To: freeswitch-users at lists.freeswitch.org
Date: Wed, 22 Oct 2014 07:31:36 +0400

Send FreeSWITCH-users mailing list submissions to
	freeswitch-users at lists.freeswitch.org
 
To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
or, via email, send a message with subject or body 'help' to
	freeswitch-users-request at lists.freeswitch.org
 
You can reach the person managing the list at
	freeswitch-users-owner at lists.freeswitch.org
 
When replying, please edit your Subject line so it is more specific
than "Re: Contents of FreeSWITCH-users digest..."


--Forwarded Message Attachment--
From: ssinyagin at gmail.com
To: freeswitch-users at lists.freeswitch.org
Date: Wed, 22 Oct 2014 02:35:02 +0200
Subject: Re: [Freeswitch-users] (no subject)

(now on a normal keyboard)
Kamil, 

when you use the "limit" application and increase the user's counter, it keeps its value only within the context where it was originally called. If you, for example, used pieces of the original (Vanilla) FreeSWITCH configuration, there are bind_meta_app bindings which send the call into another context ("features"). Once it's done, the user's limit counter is lost, and you need to increment it again in the new context.

Also, why don't you implement daily and monthly minute limits and block the user as soon as these limits are reached?




 


On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
Limit resets as soon as the call leaves the context - could that be the reason?
On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <kamil.nigmatullin at gmail.com> wrote:
Dear all, 

Today we had an attack. One of our 
clients lost password to his SIP account. So with this password 
attackers made calls on our client's behalf to very expensive 
destinations. 

We have Opensips as a border controller and 
Freeswitch as a Softswitch. This phone was confugured for 1 concurrent 
line using module limit of FS. Howerver they somehow managed to make 
several concurrent calls per one account. On CDR's we found that there 
was Attended transfer. Does anybody knows what kind of attack was that 
and how I can protect us against this? Is it sip refer attack when attacker set REFERED BY HEADER?

When I check if limit works whith a sipphone, I see that it worked 100%. 

Thanks in advance  
-- 
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin


_________________________________________________________________________

Professional FreeSWITCH Consulting Services:

consulting at freeswitch.org

http://www.freeswitchsolutions.com



Official FreeSWITCH Sites

http://www.freeswitch.org

http://confluence.freeswitch.org

http://www.cluecon.com



FreeSWITCH-powered IP PBX: The CudaTel Communication Server

http://www.cudatel.com



FreeSWITCH-users mailing list

FreeSWITCH-users at lists.freeswitch.org

http://lists.freeswitch.org/mailman/listinfo/freeswitch-users

UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users

http://www.freeswitch.org





--Forwarded Message Attachment--
From: steveayre at gmail.com
To: freeswitch-users at lists.freeswitch.org
Date: Wed, 22 Oct 2014 01:46:25 +0100
Subject: Re: [Freeswitch-users] (no subject)

Also do you know how the password was gained? If it was brute-forced look at implementing a secure password policy and using fail2ban to detect and block brute forcing attacks

On Wednesday, October 22, 2014, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
(now on a normal keyboard)
Kamil, 

when you use the "limit" application and increase the user's counter, it keeps its value only within the context where it was originally called. If you, for example, used pieces of the original (Vanilla) FreeSWITCH configuration, there are bind_meta_app bindings which send the call into another context ("features"). Once it's done, the user's limit counter is lost, and you need to increment it again in the new context.

Also, why don't you implement daily and monthly minute limits and block the user as soon as these limits are reached?




 


On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
Limit resets as soon as the call leaves the context - could that be the reason?
On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <kamil.nigmatullin at gmail.com> wrote:
Dear all, 

Today we had an attack. One of our 
clients lost password to his SIP account. So with this password 
attackers made calls on our client's behalf to very expensive 
destinations. 

We have Opensips as a border controller and 
Freeswitch as a Softswitch. This phone was confugured for 1 concurrent 
line using module limit of FS. Howerver they somehow managed to make 
several concurrent calls per one account. On CDR's we found that there 
was Attended transfer. Does anybody knows what kind of attack was that 
and how I can protect us against this? Is it sip refer attack when attacker set REFERED BY HEADER?

When I check if limit works whith a sipphone, I see that it worked 100%. 

Thanks in advance  
-- 
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin


_________________________________________________________________________

Professional FreeSWITCH Consulting Services:

consulting at freeswitch.org

http://www.freeswitchsolutions.com



Official FreeSWITCH Sites

http://www.freeswitch.org

http://confluence.freeswitch.org

http://www.cluecon.com



FreeSWITCH-powered IP PBX: The CudaTel Communication Server

http://www.cudatel.com



FreeSWITCH-users mailing list

FreeSWITCH-users at lists.freeswitch.org

http://lists.freeswitch.org/mailman/listinfo/freeswitch-users

UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users

http://www.freeswitch.org






--Forwarded Message Attachment--
From: krice at freeswitch.org
To: freeswitch-users at lists.freeswitch.org
Date: Wed, 22 Oct 2014 02:11:14 +0000
Subject: [Freeswitch-users] FreeSWITCH.org Infrastructure Upgrades Nearing	Completion

New Post on freeswitch.org from krice387

check it out at http://ift.tt/1yhZf5f

FreeSWITCH.org Infrastructure Upgrades Nearing Completion
The FreeSWITCH Core Team has been working crazy hours since last Friday to upgrade all the servers the servers that support FreeSWITCH.org!

At this time services such as jira, confluence, fisheye, stash and the G729 activation server are back to normal.

We are working to bring anything else we might have missed back online.

If you find something that’s broken please let us know.

If you wish to help sponsor this work hit the Donate button and put leave us a note it is to help with move expenses.




--Forwarded Message Attachment--
From: kamil.nigmatullin at gmail.com
To: freeswitch-users at lists.freeswitch.org
Date: Wed, 22 Oct 2014 09:31:02 +0600
Subject: Re: [Freeswitch-users] (no subject)

The password was lost by client. Not by brouteforce on other site and I defenetly use fail2ban.  That;s not the issue. 
I don't have any transfers within  meta bind app.  I think it was some kind of sip reffer attack.

2014-10-22 6:46 GMT+06:00 Steven Ayre <steveayre at gmail.com>:
Also do you know how the password was gained? If it was brute-forced look at implementing a secure password policy and using fail2ban to detect and block brute forcing attacks

On Wednesday, October 22, 2014, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
(now on a normal keyboard)
Kamil, 

when you use the "limit" application and increase the user's counter, it keeps its value only within the context where it was originally called. If you, for example, used pieces of the original (Vanilla) FreeSWITCH configuration, there are bind_meta_app bindings which send the call into another context ("features"). Once it's done, the user's limit counter is lost, and you need to increment it again in the new context.

Also, why don't you implement daily and monthly minute limits and block the user as soon as these limits are reached?




 


On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
Limit resets as soon as the call leaves the context - could that be the reason?
On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <kamil.nigmatullin at gmail.com> wrote:
Dear all, 

Today we had an attack. One of our 
clients lost password to his SIP account. So with this password 
attackers made calls on our client's behalf to very expensive 
destinations. 

We have Opensips as a border controller and 
Freeswitch as a Softswitch. This phone was confugured for 1 concurrent 
line using module limit of FS. Howerver they somehow managed to make 
several concurrent calls per one account. On CDR's we found that there 
was Attended transfer. Does anybody knows what kind of attack was that 
and how I can protect us against this? Is it sip refer attack when attacker set REFERED BY HEADER?

When I check if limit works whith a sipphone, I see that it worked 100%. 

Thanks in advance  
-- 
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin


_________________________________________________________________________

Professional FreeSWITCH Consulting Services:

consulting at freeswitch.org

http://www.freeswitchsolutions.com



Official FreeSWITCH Sites

http://www.freeswitch.org

http://confluence.freeswitch.org

http://www.cluecon.com



FreeSWITCH-powered IP PBX: The CudaTel Communication Server

http://www.cudatel.com



FreeSWITCH-users mailing list

FreeSWITCH-users at lists.freeswitch.org

http://lists.freeswitch.org/mailman/listinfo/freeswitch-users

UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users

http://www.freeswitch.org





_________________________________________________________________________

Professional FreeSWITCH Consulting Services:

consulting at freeswitch.org

http://www.freeswitchsolutions.com



Official FreeSWITCH Sites

http://www.freeswitch.org

http://confluence.freeswitch.org

http://www.cluecon.com



FreeSWITCH-powered IP PBX: The CudaTel Communication Server

http://www.cudatel.com



FreeSWITCH-users mailing list

FreeSWITCH-users at lists.freeswitch.org

http://lists.freeswitch.org/mailman/listinfo/freeswitch-users

UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users

http://www.freeswitch.org


-- 
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20141030/98e09577/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list