[Freeswitch-users] SBC
David Villasmil
david.villasmil.work at gmail.com
Mon Dec 12 14:09:46 MSK 2016
At the very least start by looking at Homer (http://sipcapture.org/) which
works beautifully with kamailio (i assume also openSIPS) and freeswitch.
and it generates by default some nice graphs and alarms.
Regards,
David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337
On Mon, Dec 12, 2016 at 10:19 AM, Stanislav Sinyagin <ssinyagin at gmail.com>
wrote:
> but that's part of a job for an end-to-end system designer, it's not
> something specific to a particular piece of software.
>
> For the scenario that Valter has described, FreeSWITCH (or two servers
> in a cluster) will do the job just fine. But of course it needs to be
> designed, configured and tested properly, with security in mind.
>
> I would agree, it's good to place Kamailio as the first-hop Internet
> gateway if you need to process INVITEs from unknown sources in
> Internet. It has nice features that minimize the impact of various DOS
> attacks or hacking. Also if you need to scale up, Kamailio will serve
> nicely as a load-balancer. But there's nothing wrong in placing
> FreeSWITCH alone in the Internet if you know what you're doing.
>
>
>
>
>
>
>
>
> On Mon, Dec 12, 2016 at 4:43 AM, Kamil Nigmatullin
> <kamil.nigmatullin at gmail.com> wrote:
> > The first was the problem, where attacker somehow got login and password
> (i
> > think they broke thier ATA) from clinet and used it. But for this client
> > there was a limit of one line. I used limit module with local database.
> What
> > attacker actially did, is that they used REFER attack, where they put
> their
> > own number as a referrer, and opened unlimited lines to PSTN. So the,
> > solution was - to replace limit functunality to opensips.
> >
> > The second - it is not actually the FS issue. It is because Freeswitch is
> > not flexible enouph to work at the low level where Kamailio or opensips
> > operates. E.g, we programmed opensips to lookup for UserAgent database,
> we
> > add useragent for each client manually. And only using client's IP and
> > user-agent we allow this user to call to PSTN. We watch for blacklists
> of IP
> > adresses, subnets. If it comes from Gaza, Panama, China we block it. And
> a
> > lot of other things. Most of them is not out-of-box in opensips, but it
> is
> > not hard to implement. All this functionality is very important. We lost
> > about $10k last time. This is very serious.
> >
> > 2016-12-12 8:56 GMT+06:00 Alex Balashov <abalashov at evaristesys.com>:
> >>
> >> On Mon, Dec 12, 2016 at 08:17:57AM +0600, Kamil Nigmatullin wrote:
> >>
> >> > I love freeswitch, but frankly I would not recomend to set it as SBC.
> I
> >> > personally faced two attacks where FS was not good at. And we lost a
> lot
> >> > of
> >> > money. It works perfectly as NAT between internal and extenal
> networks,
> >> > actually in everything but it is weak as a firewall. Stanislav knows
> >> > that,
> >> > he helped me to resolve the problem first time when it happend. I
> cannot
> >> > go
> >> > into details as this is open forum. You need to put either kamailio or
> >> > opensips in front of FS.
> >>
> >> Strongly agree.
> >>
> >> --
> >> Alex Balashov | Principal | Evariste Systems LLC
> >>
> >> Tel: +1-706-510-6800 (direct) / +1-800-250-5920 (toll-free)
> >> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
> >>
> >> ____________________________________________________________
> _____________
> >> Professional FreeSWITCH Consulting Services:
> >> consulting at freeswitch.org
> >> http://www.freeswitchsolutions.com
> >>
> >> Official FreeSWITCH Sites
> >> http://www.freeswitch.org
> >> http://confluence.freeswitch.org
> >> http://www.cluecon.com
> >>
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/
> options/freeswitch-users
> >> http://www.freeswitch.org
> >
> >
> >
> >
> > --
> > Kamil Nigmatullin
> > Tel: 77272323748
> > mob: 7 (707) 2517003
> > Skype: kamil.nigmatullin
> >
> > ____________________________________________________________
> _____________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161212/56980f63/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list