[Freeswitch-users] Security issue

Ahmed Habiba ahabiba at gmail.com
Sun Aug 16 02:53:39 MSD 2015


I face the same a while ago and after some analysts and investigations I applied the below solution which fixes my problem


I did a simple change to the external sip profile which resolved the issue from my point of view.

what I did is I add the below line to the external sip profile, which inform it to valid any request from external system against ACL list.

<param name="apply-inbound-acl" value="domains”/>


> 
> From: Anthony Minessale <anthony.minessale at gmail.com>
> Subject: Re: [Freeswitch-users] Security issue
> Date: August 15, 2015 at 5:12:55 PM GMT+3
> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> Reply-To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> 
> 
> The public context is unauthentecared that is why its called public.  Only public facing extensions should be defined there.
> 
> The example configs are only a suggestion on how to run your server.  The best approach is to learn how the sofia profiles and contexts work to configure it to your needs.
> 
> On Saturday, August 15, 2015, Sergey Safarov <s.safarov at gmail.com <mailto:s.safarov at gmail.com>> wrote:
> 1) Output network_ip of received INVITE with appropriate comment like "Block for one day ip x.x.x.x"
> 2) Add fail2ban rule to search strings like "Block for one day ip x.x.x.x" and block ip
> 
> On Sat, Aug 15, 2015 at 12:18 PM, Nikolay Zaytsev <nzaytsevc at gmail.com <javascript:_e(%7B%7D,'cvml','nzaytsevc at gmail.com');>> wrote:
> Hi,all)
> I have the freeswitch on public ip with set up fail2ban.
> However, there is an external invites which proceed to dialplan's context public.
> How can I defend my freeswitch from such attaks?
> The log of such attack is in the attachment.
> Bets Regards,
> Nikolay Zaytsev 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <javascript:_e(%7B%7D,'cvml','consulting at freeswitch.org');>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <javascript:_e(%7B%7D,'cvml','FreeSWITCH-users at lists.freeswitch.org');>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
> 
> 
> 
> -- 
> Anthony Minessale II       ♬ @anthmfs  ♬ @FreeSWITCH  ♬
> 
>http://freeswitch.org/ <http://freeswitch.org/>  ☞ http://cluecon.com/ <http://cluecon.com/>  ☞ http://twitter.com/FreeSWITCH <http://twitter.com/FreeSWITCH>
> ☞ irc.freenode.net <http://irc.freenode.net/> #freeswitch ☞ http://freeswitch.org/g+ <http://freeswitch.org/g+>
> 
> ClueCon Weekly Development Call 
> ☎ sip:888 at conference.freeswitch.org <mailto:sip%3A888 at conference.freeswitch.org>  ☎ +19193869900 
> 
> https://www.youtube.com/watch?v=9XXgW34t40s <https://www.youtube.com/watch?v=9XXgW34t40s>
> https://www.youtube.com/watch?v=NLaDpGQuZDA <https://www.youtube.com/watch?v=NLaDpGQuZDA>
> 
> 
> 
> 
> From: Giovanni Maruzzelli <gmaruzz at gmail.com>
> Subject: Re: [Freeswitch-users] Security issue
> Date: August 15, 2015 at 5:22:47 PM GMT+3
> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> Reply-To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> 
> 
> An external invite in default config go to the public context. That is the expected and correct behavior, in default config.
> 
> Eg: is where the incoming did calls would go, and then (in default config) are dispatched to local extensions (1000...1020).
> 
> Obviously, you can change the config to fit your needs.
> 
> -giovanni
> 
> sent from my mobile,
> Giovanni Maruzzelli
> cell: +39 347 266 56 18
> 
> On Aug 15, 2015 4:14 PM, "Anthony Minessale" <anthony.minessale at gmail.com <mailto:anthony.minessale at gmail.com>> wrote:
> The public context is unauthentecared that is why its called public.  Only public facing extensions should be defined there.
> 
> The example configs are only a suggestion on how to run your server.  The best approach is to learn how the sofia profiles and contexts work to configure it to your needs.
> 
> On Saturday, August 15, 2015, Sergey Safarov <s.safarov at gmail.com <mailto:s.safarov at gmail.com>> wrote:
> 1) Output network_ip of received INVITE with appropriate comment like "Block for one day ip x.x.x.x"
> 2) Add fail2ban rule to search strings like "Block for one day ip x.x.x.x" and block ip
> 
> On Sat, Aug 15, 2015 at 12:18 PM, Nikolay Zaytsev <nzaytsevc at gmail.com <>> wrote:
> Hi,all)
> I have the freeswitch on public ip with set up fail2ban.
> However, there is an external invites which proceed to dialplan's context public.
> How can I defend my freeswitch from such attaks?
> The log of such attack is in the attachment.
> Bets Regards,
> Nikolay Zaytsev 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
> 
> 
> 
> -- 
> Anthony Minessale II       ♬ @anthmfs  ♬ @FreeSWITCH  ♬
> 
>http://freeswitch.org/ <http://freeswitch.org/>  ☞ http://cluecon.com/ <http://cluecon.com/>  ☞ http://twitter.com/FreeSWITCH <http://twitter.com/FreeSWITCH>
> ☞ irc.freenode.net <http://irc.freenode.net/> #freeswitch ☞ http://freeswitch.org/g+ <http://freeswitch.org/g+>
> 
> ClueCon Weekly Development Call 
> ☎ sip:888 at conference.freeswitch.org <mailto:sip%3A888 at conference.freeswitch.org>  ☎ +19193869900 <tel:%2B19193869900> 
> 
> https://www.youtube.com/watch?v=9XXgW34t40s <https://www.youtube.com/watch?v=9XXgW34t40s>
> https://www.youtube.com/watch?v=NLaDpGQuZDA <https://www.youtube.com/watch?v=NLaDpGQuZDA>
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150816/56919c57/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list