[Freeswitch-users] SBC
Mimiko
vbvbrj at gmail.com
Mon Dec 12 15:12:18 MSK 2016
On 12.12.2016 04:17, Kamil Nigmatullin wrote:
> I love freeswitch, but frankly I would not recomend to set it as SBC. I
> personally faced two attacks where FS was not good at. And we lost a lot
> of money. It works perfectly as NAT between internal and extenal
> networks, actually in everything but it is weak as a firewall. Stanislav
> knows that, he helped me to resolve the problem first time when it
> happend. I cannot go into details as this is open forum. You need to put
> either kamailio or opensips in front of FS.
Hello.
I have a FS for almost 4 year opened to the Internet for
non-authenticated call to local extensions only and authenticated calls
to external and local. Yes I've had attacks, some did a DDOS with packet
spoofing. But using iptables and log I am clean now. The only attack I
see is sending incorrect SIP packet. Which I see on my second monitor
and block the IP. Just following wiki to use iptables, fail2ban, acls
and so on.
--
Mimiko desu.
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list