[Freeswitch-users] SBC
Dmitry Sytchev
kbdfck at gmail.com
Mon Dec 12 10:24:14 MSK 2016
Hi guys, your talk about limit bypassing recalled me old thread I
started in 2014:
http://lists.freeswitch.org/pipermail/freeswitch-users/2014-March/103474.html
We faced this type of attacks and were able to deal with it with this
approach. It can be used with recent FS versions w almost without
modifications. Of course, there can be some new functionality for this
I don't know about.
But I agree that FS is not an SBC, although it can be used in this
role in some cases.
2016-12-12 8:21 GMT+03:00 Ken Rice <krice at freeswitch.org>:
> You miss my point entirely… its not just CDR reporting, but its network
> traffic monitoring in general. There are things in FreeSWITCH specifically
> made to address this sort of attack. Limits can be applied in various ways,
> certain SIP features can be completely disable or handling in ways that
> allow for more stringent checks… for instance, why would you blindly follow
> a refer? That in and of itself is just asking to get owned.
>
>
>
>
>
>
>
> From: freeswitch-users-bounces at lists.freeswitch.org
> [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Kamil
> Nigmatullin
> Sent: Sunday, December 11, 2016 10:49 PM
> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> Subject: Re: [Freeswitch-users] SBC
>
>
>
> I understand that. But CDR comes after the call is done. Sometimes one
> minute costs 10$ and I understand this after 20 minutes. I agree that this
> things doest't guarantee anything but it is funcionality of so called SBC.
> And it helps almost in any case except attackers broke sip device and sends
> traffic from this devices where monitoring and various limitations are
> really important. And about REFFER attack it is really very dangerous thing
> that is not fixes yet.
>
>
>
> 2016-12-12 10:00 GMT+06:00 Ken Rice <krice at freeswitch.org>:
>
> You do realize all of these things can be chexked in freeswitch. However no
> amount of checking various things the user is sending will stop such fraud.
> This is where your cdr's and pattern analysis come into play. Theres a
> reason large providers have rooms full of fraud prevention people
>
> Sent from my iPhone
>
>
> On Dec 11, 2016, at 21:43, Kamil Nigmatullin <kamil.nigmatullin at gmail.com>
> wrote:
>
> The first was the problem, where attacker somehow got login and password (i
> think they broke thier ATA) from clinet and used it. But for this client
> there was a limit of one line. I used limit module with local database. What
> attacker actially did, is that they used REFER attack, where they put their
> own number as a referrer, and opened unlimited lines to PSTN. So the,
> solution was - to replace limit functunality to opensips.
>
>
>
> The second - it is not actually the FS issue. It is because Freeswitch is
> not flexible enouph to work at the low level where Kamailio or opensips
> operates. E.g, we programmed opensips to lookup for UserAgent database, we
> add useragent for each client manually. And only using client's IP and
> user-agent we allow this user to call to PSTN. We watch for blacklists of IP
> adresses, subnets. If it comes from Gaza, Panama, China we block it. And a
> lot of other things. Most of them is not out-of-box in opensips, but it is
> not hard to implement. All this functionality is very important. We lost
> about $10k last time. This is very serious.
>
>
>
> 2016-12-12 8:56 GMT+06:00 Alex Balashov <abalashov at evaristesys.com>:
>
> On Mon, Dec 12, 2016 at 08:17:57AM +0600, Kamil Nigmatullin wrote:
>
>> I love freeswitch, but frankly I would not recomend to set it as SBC. I
>> personally faced two attacks where FS was not good at. And we lost a lot
>> of
>> money. It works perfectly as NAT between internal and extenal networks,
>> actually in everything but it is weak as a firewall. Stanislav knows that,
>> he helped me to resolve the problem first time when it happend. I cannot
>> go
>> into details as this is open forum. You need to put either kamailio or
>> opensips in front of FS.
>
> Strongly agree.
>
> --
> Alex Balashov | Principal | Evariste Systems LLC
>
> Tel: +1-706-510-6800 (direct) / +1-800-250-5920 (toll-free)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
>
> --
>
> Kamil Nigmatullin
> Tel: 77272323748
> mob: 7 (707) 2517003
> Skype: kamil.nigmatullin
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
>
> --
>
> Kamil Nigmatullin
> Tel: 77272323748
> mob: 7 (707) 2517003
> Skype: kamil.nigmatullin
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
--
Best regards,
Dmitry Sytchev,
IT Engineer
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list