[Freeswitch-users] SBC

David Villasmil david.villasmil.work at gmail.com
Mon Dec 12 07:02:56 MSK 2016


Kamil,

Thanks a lot for pointing this out.

Regards
On Mon, Dec 12, 2016 at 4:44 AM Kamil Nigmatullin <
kamil.nigmatullin at gmail.com> wrote:

The first was the problem where an attacker somehow got the login and
password (I think they broke their ATA) from a client and used it. But for
this client there was a limit of one line. I used the limit module with a
local database. What the attacker actually did is that they used a REFER
attack, where they put their own number as a referrer, and opened unlimited
lines to PSTN. So the solution was to move the limit functionality to opensips.

The second - it is not actually an FS issue. It is because Freeswitch is
not flexible enough to work at the low level where Kamailio or opensips
operates. E.g., we programmed opensips to look up a UserAgent database; we
add the useragent for each client manually. And only using the client's IP
and user-agent do we allow this user to call to PSTN. We watch for blacklists
of IP addresses, subnets. If it comes from Gaza, Panama, China we block it.
And a lot of other things. Most of them are not out-of-box in opensips, but
it is not hard to implement. All this functionality is very important. We
lost about $10k last time. This is very serious.

2016-12-12 8:56 GMT+06:00 Alex Balashov <abalashov at evaristesys.com>:

On Mon, Dec 12, 2016 at 08:17:57AM +0600, Kamil Nigmatullin wrote:

> I love freeswitch, but frankly I would not recommend to set it as SBC. I
> personally faced two attacks where FS was not good at. And we lost a lot of
> money. It works perfectly as NAT between internal and external networks,
> actually in everything but it is weak as a firewall. Stanislav knows that,
> he helped me to resolve the problem first time when it happened. I cannot go
> into details as this is open forum. You need to put either kamailio or
> opensips in front of FS.

Strongly agree.

--
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 (direct) / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org




-- 
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin
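
Added example, not part of the original thread or of any poster's configuration: a Python model of the edge-proxy policy described above (blocked subnets, a per-client source IP and User-Agent allowlist, and a line limit charged to the authenticated account for INVITE and REFER alike). The account name, addresses, User-Agent string and the PstnGate class are constructed for illustration; this is not OpenSIPS script.

```python
import ipaddress
from collections import Counter

# Constructed sample policy (documentation address ranges, made-up account and User-Agent).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
CLIENTS = {
    "acct1001": {
        "nets": [ipaddress.ip_network("192.0.2.10/32")],
        "user_agents": {"ExampleATA/1.2"},
        "max_lines": 1,
    },
}


class PstnGate:
    """Edge-proxy admission policy for requests that would open a PSTN leg."""

    def __init__(self, clients, blocked_nets):
        self.clients = clients
        self.blocked_nets = blocked_nets
        self.active = Counter()  # account -> PSTN legs currently open

    def admit(self, method, account, src_ip, user_agent):
        """Return (allowed, reason). INVITE and REFER are charged the same way."""
        ip = ipaddress.ip_address(src_ip)
        if any(ip in net for net in self.blocked_nets):
            return False, "blocked-network"
        client = self.clients.get(account)
        if client is None:
            return False, "unknown-account"
        # Valid credentials alone are not enough: source IP and User-Agent
        # must both match what was registered for this client.
        if not any(ip in net for net in client["nets"]):
            return False, "ip-mismatch"
        if user_agent not in client["user_agents"]:
            return False, "user-agent-mismatch"
        if method not in ("INVITE", "REFER"):
            return False, "method-not-allowed"
        # The limit is keyed on the authenticated account, never on the
        # Referred-By / referrer value, which the sender controls.
        if self.active[account] >= client["max_lines"]:
            return False, "line-limit"
        self.active[account] += 1
        return True, "ok"

    def release(self, account):
        """Call when a PSTN leg for this account ends."""
        if self.active[account] > 0:
            self.active[account] -= 1
```

User-Agent is sender-supplied, so it only adds value in combination with the source-IP match.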