[Freeswitch-users] Suspicious Incoming Calls
Ahmed Habiba
ahabiba at gmail.com
Sat Feb 6 20:10:42 MSK 2016
Hello,
You have to use one of the below options:
Option1:
if you are not allowing another system to access you system without username and password i.e. you make your system as sip gateway for other trusted company, the you can remove the file named “external.xml” under /usr/local/freeswitch/conf/sip_profiles/, then either restart your instance or run “reload mod_sofia” in fs_cli
Note be sure that you take a copy of external.xml before you remove it.
Option2:
add the below line in you external.xml profile mentioned above, this will not allow any external system to login expect if it has been allowed in you ACL list or it has a username/password this will make things little hard, then you may install fail2ban module.
all cases you need to restart your profiles.
Thanks,
Ahmed Habiba
>
>
>
> From: Jude Mukundane <jude19love at gmail.com>
> Subject: Re: [Freeswitch-users] Suspicious Incoming Calls
> Date: February 6, 2016 at 6:50:23 PM GMT+3
> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> Reply-To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
>
>
> Hello Deepika,
>
> This is common for anyone running FS in the cloud with discoverable ports. Lots of people just run scripts that crawl the internet in search of SIP servers. After getting one they try bogus invites to try and see if they can get calls through - if your server is forwarding to PSTN, you could end up with a bill in thousands of dollars in minutest. In my case, I use a simple IP Table in Ubuntu (more like an access control list) to define allowed and non allowed IPs.
>
> Can someone please elaborate on a measure that inolves config level security because blocking out masses is not goot Internet Citizenry.
>
> Jude
>
> On Sat, Feb 6, 2016 at 2:24 PM, Deepika Yadav <deepikay at iiitd.ac.in <mailto:deepikay at iiitd.ac.in>> wrote:
> Hi,
>
> I have microsip installed in my windows configured for one or two SIP accounts for different Freeswitch servers. I am receiving a call from 2022 at myPublicIP repeatitively even if I disconnect from all the accounts, these Freeswitch servers are hosted at cloud machine.
>
> Is it a case of hacking the servers. What measures should I take to secure both my servers and system.
>
> Regards,
> Deepika
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160206/248d2206/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list