[Freeswitch-users] Security issue

Nikolay Zaytsev nzaytsevc at gmail.com
Sat Aug 15 13:18:43 MSD 2015


Hi,all)
I have the freeswitch on public ip with set up fail2ban.
However, there is an external invites which proceed to dialplan's context
public.
How can I defend my freeswitch from such attaks?
The log of such attack is in the attachment.
Bets Regards,
Nikolay Zaytsev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150815/c30f7e35/attachment.html 
-------------- next part --------------
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [NOTICE] switch_channel.c:1075 New Channel sofia/external/2101 at x.x.x.x [ade01da8-42be-11e5-b00f-6314d7d236b5]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_session.c:1061 Send signal sofia/external/2101 at x.x.x.x [BREAK]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_session.c:1061 Send signal sofia/external/2101 at x.x.x.x [BREAK]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:472 (sofia/external/2101 at x.x.x.x) Running State Change CS_NEW
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] sofia.c:8917 sofia/external/2101 at x.x.x.x receiving invite from 23.92.80.41:5076 version: 1.4.20 git bf08a37 2015-07-24 01:36:13Z 32bit
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] sofia.c:6634 Channel sofia/external/2101 at x.x.x.x entering state [received][100]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] sofia.c:6644 Remote SDP:
ade01da8-42be-11e5-b00f-6314d7d236b5 v=0
ade01da8-42be-11e5-b00f-6314d7d236b5 o=sipcli-Session 206489020 1589303248 IN IP4 23.92.80.41
ade01da8-42be-11e5-b00f-6314d7d236b5 s=sipcli
ade01da8-42be-11e5-b00f-6314d7d236b5 c=IN IP4 23.92.80.41
ade01da8-42be-11e5-b00f-6314d7d236b5 t=0 0
ade01da8-42be-11e5-b00f-6314d7d236b5 m=audio 5077 RTP/AVP 18 0 8 101
ade01da8-42be-11e5-b00f-6314d7d236b5 a=rtpmap:18 G729/8000
ade01da8-42be-11e5-b00f-6314d7d236b5 a=rtpmap:0 PCMU/8000
ade01da8-42be-11e5-b00f-6314d7d236b5 a=rtpmap:8 PCMA/8000
ade01da8-42be-11e5-b00f-6314d7d236b5 a=rtpmap:101 telephone-event/8000
ade01da8-42be-11e5-b00f-6314d7d236b5 a=fmtp:101 0-15
ade01da8-42be-11e5-b00f-6314d7d236b5 a=ptime:20
ade01da8-42be-11e5-b00f-6314d7d236b5 
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] sofia.c:6910 (sofia/external/2101 at x.x.x.x) State Change CS_NEW -> CS_INIT
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_session.c:1396 Send signal sofia/external/2101 at x.x.x.x [BREAK]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:491 (sofia/external/2101 at x.x.x.x) State NEW
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:472 (sofia/external/2101 at x.x.x.x) Running State Change CS_INIT
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:512 (sofia/external/2101 at x.x.x.x) State INIT
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] mod_sofia.c:87 sofia/external/2101 at x.x.x.x SOFIA INIT
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:40 sofia/external/2101 at x.x.x.x Standard INIT
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:48 (sofia/external/2101 at x.x.x.x) State Change CS_INIT -> CS_ROUTING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_session.c:1396 Send signal sofia/external/2101 at x.x.x.x [BREAK]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:512 (sofia/external/2101 at x.x.x.x) State INIT going to sleep
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:472 (sofia/external/2101 at x.x.x.x) Running State Change CS_ROUTING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_channel.c:2204 (sofia/external/2101 at x.x.x.x) Callstate Change DOWN -> RINGING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:528 (sofia/external/2101 at x.x.x.x) State ROUTING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] mod_sofia.c:123 sofia/external/2101 at x.x.x.x SOFIA ROUTING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:166 sofia/external/2101 at x.x.x.x Standard ROUTING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [INFO] mod_dialplan_xml.c:635 Processing 2101 <2101>->+815058063010 in context public
ade01da8-42be-11e5-b00f-6314d7d236b5 Dialplan: sofia/external/2101 at x.x.x.x parsing [public->unloop] continue=false
ade01da8-42be-11e5-b00f-6314d7d236b5 Dialplan: sofia/external/2101 at x.x.x.x Regex (PASS) [unloop] ${unroll_loops}(true) =~ /^true$/ break=on-false
ade01da8-42be-11e5-b00f-6314d7d236b5 Dialplan: sofia/external/2101 at x.x.x.x Regex (FAIL) [unloop] ${sip_looped_call}() =~ /^true$/ break=on-false
ade01da8-42be-11e5-b00f-6314d7d236b5 Dialplan: sofia/external/2101 at x.x.x.x parsing [public->outside_call] continue=true
ade01da8-42be-11e5-b00f-6314d7d236b5 Dialplan: sofia/external/2101 at x.x.x.x Absolute Condition [outside_call]
ade01da8-42be-11e5-b00f-6314d7d236b5 Dialplan: sofia/external/2101 at x.x.x.x Action set(outside_call=true)
ade01da8-42be-11e5-b00f-6314d7d236b5 Dialplan: sofia/external/2101 at x.x.x.x Action export(RFC2822_DATE=${strftime(%a, %d %b %Y %T %z)})
ade01da8-42be-11e5-b00f-6314d7d236b5 Dialplan: sofia/external/2101 at x.x.x.x parsing [public->call_debug] continue=true
ade01da8-42be-11e5-b00f-6314d7d236b5 Dialplan: sofia/external/2101 at x.x.x.x Regex (FAIL) [call_debug] ${call_debug}(false) =~ /^true$/ break=never
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:216 (sofia/external/2101 at x.x.x.x) State Change CS_ROUTING -> CS_EXECUTE
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_session.c:1396 Send signal sofia/external/2101 at x.x.x.x [BREAK]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:528 (sofia/external/2101 at x.x.x.x) State ROUTING going to sleep
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:472 (sofia/external/2101 at x.x.x.x) Running State Change CS_EXECUTE
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:535 (sofia/external/2101 at x.x.x.x) State EXECUTE
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] mod_sofia.c:178 sofia/external/2101 at x.x.x.x SOFIA EXECUTE
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:258 sofia/external/2101 at x.x.x.x Standard EXECUTE
ade01da8-42be-11e5-b00f-6314d7d236b5 EXECUTE sofia/external/2101 at x.x.x.x set(outside_call=true)
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] mod_dptools.c:1477 sofia/external/2101 at x.x.x.x SET [outside_call]=[true]
ade01da8-42be-11e5-b00f-6314d7d236b5 EXECUTE sofia/external/2101 at x.x.x.x export(RFC2822_DATE=Fri, 14 Aug 2015 22:57:23 +0300)
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_channel.c:1267 EXPORT (export_vars) [RFC2822_DATE]=[Fri, 14 Aug 2015 22:57:23 +0300]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [NOTICE] switch_core_state_machine.c:315 sofia/external/2101 at x.x.x.x has executed the last dialplan instruction, hanging up.
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [NOTICE] switch_core_state_machine.c:317 Hangup sofia/external/2101 at x.x.x.x [CS_EXECUTE] [NORMAL_CLEARING]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_channel.c:3242 Send signal sofia/external/2101 at x.x.x.x [KILL]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_session.c:1396 Send signal sofia/external/2101 at x.x.x.x [BREAK]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:535 (sofia/external/2101 at x.x.x.x) State EXECUTE going to sleep
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:472 (sofia/external/2101 at x.x.x.x) Running State Change CS_HANGUP
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:735 (sofia/external/2101 at x.x.x.x) Callstate Change RINGING -> HANGUP
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:737 (sofia/external/2101 at x.x.x.x) State HANGUP
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] mod_sofia.c:413 Channel sofia/external/2101 at x.x.x.x hanging up, cause: NORMAL_CLEARING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] mod_sofia.c:549 Responding to INVITE with: 480
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:60 sofia/external/2101 at x.x.x.x Standard HANGUP, cause: NORMAL_CLEARING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:737 (sofia/external/2101 at x.x.x.x) State HANGUP going to sleep
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:504 (sofia/external/2101 at x.x.x.x) State Change CS_HANGUP -> CS_REPORTING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_session.c:1396 Send signal sofia/external/2101 at x.x.x.x [BREAK]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:472 (sofia/external/2101 at x.x.x.x) Running State Change CS_REPORTING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:823 (sofia/external/2101 at x.x.x.x) State REPORTING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:104 sofia/external/2101 at x.x.x.x Standard REPORTING, cause: NORMAL_CLEARING
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:823 (sofia/external/2101 at x.x.x.x) State REPORTING going to sleep
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:498 (sofia/external/2101 at x.x.x.x) State Change CS_REPORTING -> CS_DESTROY
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_session.c:1396 Send signal sofia/external/2101 at x.x.x.x [BREAK]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_session.c:1623 Session 3 (sofia/external/2101 at x.x.x.x) Locked, Waiting on external entities
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [NOTICE] switch_core_session.c:1641 Session 3 (sofia/external/2101 at x.x.x.x) Ended
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [NOTICE] switch_core_session.c:1645 Close Channel sofia/external/2101 at x.x.x.x [CS_DESTROY]
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:626 (sofia/external/2101 at x.x.x.x) Running State Change CS_DESTROY
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:636 (sofia/external/2101 at x.x.x.x) State DESTROY
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] mod_sofia.c:323 sofia/external/2101 at x.x.x.x SOFIA DESTROY
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:111 sofia/external/2101 at x.x.x.x Standard DESTROY
ade01da8-42be-11e5-b00f-6314d7d236b5 2015-08-14 22:57:23.291295 [DEBUG] switch_core_state_machine.c:636 (sofia/external/2101 at x.x.x.x) State DESTROY going to sleep


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list