[Freeswitch-users] SDP in re-invite
Kamrul Khan
dodul at live.com
Thu Oct 30 23:22:21 MSK 2014
Can anyone please help me with the below:
Hi,
Freeswitch is sending re-invites in each 60 seconds. And it comes with SDP which causes our WebRTC client on Mozilla browser to stop sending media. Is there a way to tell freeswitch not to send the re-invites with SDP?
From: freeswitch-users-request at lists.freeswitch.org
Subject: FreeSWITCH-users Digest, Vol 100, Issue 106
To: freeswitch-users at lists.freeswitch.org
Date: Wed, 22 Oct 2014 07:31:36 +0400
Send FreeSWITCH-users mailing list submissions to
freeswitch-users at lists.freeswitch.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
or, via email, send a message with subject or body 'help' to
freeswitch-users-request at lists.freeswitch.org
You can reach the person managing the list at
freeswitch-users-owner at lists.freeswitch.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of FreeSWITCH-users digest..."
--Forwarded Message Attachment--
From: ssinyagin at gmail.com
To: freeswitch-users at lists.freeswitch.org
Date: Wed, 22 Oct 2014 02:35:02 +0200
Subject: Re: [Freeswitch-users] (no subject)
(now on a normal keyboard)
Kamil,
when you use the "limit" application and increase the user's counter, it keeps its value only within the context where it was originally called. If you, for example, used pieces of the original (Vanilla) FreeSWITCH configuration, there are bind_meta_app bindings which send the call into another context ("features"). Once it's done, the user's limit counter is lost, and you need to increment it again in the new context.
Also, why don't you implement daily and monthly minute limits and block the user as soon as these limits are reached?
On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
Limit resets as soon as the call leaves the context - could that be the reason?
On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <kamil.nigmatullin at gmail.com> wrote:
Dear all,
Today we had an attack. One of our
clients lost password to his SIP account. So with this password
attackers made calls on our client's behalf to very expensive
destinations.
We have Opensips as a border controller and
Freeswitch as a Softswitch. This phone was confugured for 1 concurrent
line using module limit of FS. Howerver they somehow managed to make
several concurrent calls per one account. On CDR's we found that there
was Attended transfer. Does anybody knows what kind of attack was that
and how I can protect us against this? Is it sip refer attack when attacker set REFERED BY HEADER?
When I check if limit works whith a sipphone, I see that it worked 100%.
Thanks in advance
--
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
http://www.cudatel.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
--Forwarded Message Attachment--
From: steveayre at gmail.com
To: freeswitch-users at lists.freeswitch.org
Date: Wed, 22 Oct 2014 01:46:25 +0100
Subject: Re: [Freeswitch-users] (no subject)
Also do you know how the password was gained? If it was brute-forced look at implementing a secure password policy and using fail2ban to detect and block brute forcing attacks
On Wednesday, October 22, 2014, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
(now on a normal keyboard)
Kamil,
when you use the "limit" application and increase the user's counter, it keeps its value only within the context where it was originally called. If you, for example, used pieces of the original (Vanilla) FreeSWITCH configuration, there are bind_meta_app bindings which send the call into another context ("features"). Once it's done, the user's limit counter is lost, and you need to increment it again in the new context.
Also, why don't you implement daily and monthly minute limits and block the user as soon as these limits are reached?
On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
Limit resets as soon as the call leaves the context - could that be the reason?
On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <kamil.nigmatullin at gmail.com> wrote:
Dear all,
Today we had an attack. One of our
clients lost password to his SIP account. So with this password
attackers made calls on our client's behalf to very expensive
destinations.
We have Opensips as a border controller and
Freeswitch as a Softswitch. This phone was confugured for 1 concurrent
line using module limit of FS. Howerver they somehow managed to make
several concurrent calls per one account. On CDR's we found that there
was Attended transfer. Does anybody knows what kind of attack was that
and how I can protect us against this? Is it sip refer attack when attacker set REFERED BY HEADER?
When I check if limit works whith a sipphone, I see that it worked 100%.
Thanks in advance
--
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
http://www.cudatel.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
--Forwarded Message Attachment--
From: krice at freeswitch.org
To: freeswitch-users at lists.freeswitch.org
Date: Wed, 22 Oct 2014 02:11:14 +0000
Subject: [Freeswitch-users] FreeSWITCH.org Infrastructure Upgrades Nearing Completion
New Post on freeswitch.org from krice387
check it out at http://ift.tt/1yhZf5f
FreeSWITCH.org Infrastructure Upgrades Nearing Completion
The FreeSWITCH Core Team has been working crazy hours since last Friday to upgrade all the servers the servers that support FreeSWITCH.org!
At this time services such as jira, confluence, fisheye, stash and the G729 activation server are back to normal.
We are working to bring anything else we might have missed back online.
If you find something that’s broken please let us know.
If you wish to help sponsor this work hit the Donate button and put leave us a note it is to help with move expenses.
--Forwarded Message Attachment--
From: kamil.nigmatullin at gmail.com
To: freeswitch-users at lists.freeswitch.org
Date: Wed, 22 Oct 2014 09:31:02 +0600
Subject: Re: [Freeswitch-users] (no subject)
The password was lost by client. Not by brouteforce on other site and I defenetly use fail2ban. That;s not the issue.
I don't have any transfers within meta bind app. I think it was some kind of sip reffer attack.
2014-10-22 6:46 GMT+06:00 Steven Ayre <steveayre at gmail.com>:
Also do you know how the password was gained? If it was brute-forced look at implementing a secure password policy and using fail2ban to detect and block brute forcing attacks
On Wednesday, October 22, 2014, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
(now on a normal keyboard)
Kamil,
when you use the "limit" application and increase the user's counter, it keeps its value only within the context where it was originally called. If you, for example, used pieces of the original (Vanilla) FreeSWITCH configuration, there are bind_meta_app bindings which send the call into another context ("features"). Once it's done, the user's limit counter is lost, and you need to increment it again in the new context.
Also, why don't you implement daily and monthly minute limits and block the user as soon as these limits are reached?
On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
Limit resets as soon as the call leaves the context - could that be the reason?
On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <kamil.nigmatullin at gmail.com> wrote:
Dear all,
Today we had an attack. One of our
clients lost password to his SIP account. So with this password
attackers made calls on our client's behalf to very expensive
destinations.
We have Opensips as a border controller and
Freeswitch as a Softswitch. This phone was confugured for 1 concurrent
line using module limit of FS. Howerver they somehow managed to make
several concurrent calls per one account. On CDR's we found that there
was Attended transfer. Does anybody knows what kind of attack was that
and how I can protect us against this? Is it sip refer attack when attacker set REFERED BY HEADER?
When I check if limit works whith a sipphone, I see that it worked 100%.
Thanks in advance
--
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
http://www.cudatel.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
http://www.cudatel.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
--
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20141031/10e31bd5/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list