[Freeswitch-users] SBC

Mimiko vbvbrj at gmail.com
Mon Dec 12 15:12:18 MSK 2016


On 12.12.2016 04:17, Kamil Nigmatullin wrote:
> I love freeswitch, but frankly I would not recomend to set it as SBC. I
> personally faced two attacks where FS was not good at. And we lost a lot
> of money. It works perfectly as NAT between internal and extenal
> networks, actually in everything but it is weak as a firewall. Stanislav
> knows that, he helped me to resolve the problem first time when it
> happend. I cannot go into details as this is open forum. You need to put
> either kamailio or opensips in front of FS.

Hello.

I have a FS for almost 4 year opened to the Internet for 
non-authenticated call to local extensions only and authenticated calls 
to external and local. Yes I've had attacks, some did a DDOS with packet 
spoofing. But using iptables and log I am clean now. The only attack I 
see is sending incorrect SIP packet. Which I see on my second monitor 
and block the IP. Just following wiki to use iptables, fail2ban, acls 
and so on.

-- 
Mimiko desu.



Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list