[Freeswitch-users] SBC
Ken Rice
krice at freeswitch.org
Mon Dec 12 08:21:03 MSK 2016
You miss my point entirely… its not just CDR reporting, but its network traffic monitoring in general. There are things in FreeSWITCH specifically made to address this sort of attack. Limits can be applied in various ways, certain SIP features can be completely disable or handling in ways that allow for more stringent checks… for instance, why would you blindly follow a refer? That in and of itself is just asking to get owned.
From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Kamil Nigmatullin
Sent: Sunday, December 11, 2016 10:49 PM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] SBC
I understand that. But CDR comes after the call is done. Sometimes one minute costs 10$ and I understand this after 20 minutes. I agree that this things doest't guarantee anything but it is funcionality of so called SBC. And it helps almost in any case except attackers broke sip device and sends traffic from this devices where monitoring and various limitations are really important. And about REFFER attack it is really very dangerous thing that is not fixes yet.
2016-12-12 10:00 GMT+06:00 Ken Rice <krice at freeswitch.org <mailto:krice at freeswitch.org> >:
You do realize all of these things can be chexked in freeswitch. However no amount of checking various things the user is sending will stop such fraud. This is where your cdr's and pattern analysis come into play. Theres a reason large providers have rooms full of fraud prevention people
Sent from my iPhone
On Dec 11, 2016, at 21:43, Kamil Nigmatullin <kamil.nigmatullin at gmail.com <mailto:kamil.nigmatullin at gmail.com> > wrote:
The first was the problem, where attacker somehow got login and password (i think they broke thier ATA) from clinet and used it. But for this client there was a limit of one line. I used limit module with local database. What attacker actially did, is that they used REFER attack, where they put their own number as a referrer, and opened unlimited lines to PSTN. So the, solution was - to replace limit functunality to opensips.
The second - it is not actually the FS issue. It is because Freeswitch is not flexible enouph to work at the low level where Kamailio or opensips operates. E.g, we programmed opensips to lookup for UserAgent database, we add useragent for each client manually. And only using client's IP and user-agent we allow this user to call to PSTN. We watch for blacklists of IP adresses, subnets. If it comes from Gaza, Panama, China we block it. And a lot of other things. Most of them is not out-of-box in opensips, but it is not hard to implement. All this functionality is very important. We lost about $10k last time. This is very serious.
2016-12-12 8:56 GMT+06:00 Alex Balashov <abalashov at evaristesys.com <mailto:abalashov at evaristesys.com> >:
On Mon, Dec 12, 2016 at 08:17:57AM +0600, Kamil Nigmatullin wrote:
> I love freeswitch, but frankly I would not recomend to set it as SBC. I
> personally faced two attacks where FS was not good at. And we lost a lot of
> money. It works perfectly as NAT between internal and extenal networks,
> actually in everything but it is weak as a firewall. Stanislav knows that,
> he helped me to resolve the problem first time when it happend. I cannot go
> into details as this is open forum. You need to put either kamailio or
> opensips in front of FS.
Strongly agree.
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 <tel:%2B1-706-510-6800> (direct) / +1-800-250-5920 <tel:%2B1-800-250-5920> (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org <mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
--
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003 <tel:(707)%20251-7003>
Skype: kamil.nigmatullin
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org <mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org <mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
--
Kamil Nigmatullin
Tel: 77272323748
mob: 7 (707) 2517003
Skype: kamil.nigmatullin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161211/e7e3e1ed/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list