
They can&#39;t auth with a username that does not exist. The best they can do is try to guess user names and passwords. That&#39;s where Ken&#39;s best practices are quite useful. <br><br>-MC<br><br><div class="gmail_quote">

On Wed, Feb 20, 2013 at 10:35 PM, Mario Karakanovski <span dir="ltr">&lt;<a href="mailto:mario@ims.bg" target="_blank">mario@ims.bg</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div link="blue" vlink="blue" lang="BG">


<div>


<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">In my situation all calls

are rejected, but I think it is because they are authenticated with invalid

username.<u></u><u></u></span></font></p>


<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">My concern is how ones

can authenticate in freeswitch with user that not exists and never was

configured. I was not able to reproduce that.<u></u><u></u></span></font></p>


<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">What I found so far: they

use a couple of IPs. They send OPTIONS (only one time) during the day and start

try at the night. They tried a maximum of 100 calls.<u></u><u></u></span></font></p>


<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">I am still waiting to log

some packet<u></u><u></u></span></font></p>


<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US"><u></u> <u></u></span></font></p>


<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">Mario <u></u><u></u></span></font></p>


<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy"><u></u> <u></u></span></font></p>


<div>


<div class="MsoNormal" style="text-align:center" align="center"><font size="3" face="Times New Roman"><span style="font-size:12.0pt" lang="EN-US">


<hr align="center" size="2" width="100%">


</span></font></div>


<p class="MsoNormal"><b><font face="Tahoma"><span style="font-size:10.0pt;font-family:Tahoma;font-weight:bold" lang="EN-US">From:</span></font></b><font face="Tahoma"><span style="font-size:10.0pt;font-family:Tahoma" lang="EN-US">

<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>

[mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>] <b><span style="font-weight:bold">On Behalf Of </span></b>Michael Collins<br>

<b><span style="font-weight:bold">Sent:</span></b> Wednesday, February 20, 2013

10:41 PM<br>

<b><span style="font-weight:bold">To:</span></b> FreeSWITCH Users Help<br>

<b><span style="font-weight:bold">Subject:</span></b> Re: [Freeswitch-users]

freeswitch hack</span></font><span lang="EN-US"><u></u><u></u></span></p>


</div>


<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><u></u> <u></u></span></font></p>


<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Aren&#39;t they supposed to

be rejected?<u></u><u></u></span></font></p>


<div>


<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Wed, Feb 20, 2013 at 11:19 AM, Blake Priddy &lt;<a href="mailto:bpriddy@bryantschools.org" target="_blank">bpriddy@bryantschools.org</a>&gt;

wrote:<u></u><u></u></span></font></p>


<div>


<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">I have also had the situation that they are calls getting rejected.<u></u><u></u></span></font></p>


</div>


<div>


<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><u></u> <u></u></span></font></p>


<div>


<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Wed, Feb 20, 2013 at 11:08 AM, Michael Collins &lt;<a href="mailto:msc@freeswitch.org" target="_blank">msc@freeswitch.org</a>&gt;

wrote:<u></u><u></u></span></font></p>


<div>


<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><u></u> <u></u></span></font></p>


<div>


<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Wed, Feb 20, 2013 at 1:53 AM, Mario Karakanovski &lt;<a href="mailto:mario@ims.bg" target="_blank">mario@ims.bg</a>&gt; wrote:<u></u><u></u></span></font></p>


<div link="blue" vlink="blue">


<div>


<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">Thanks Ken,</span></font><u></u><u></u></p>


<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US"> </span></font><u></u><u></u></p>


<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">It is helpful, but I still think there is some

security issue. I’ve double check configuration. I’ve try to

reproduce the issue trying to do direct call (TCP and UDP) or authenticate with

invalid user, but everything works as expected – calls/authentication was

rejected. I’ve decide to log the traffic – maybe I will be able to

see where is the problem.</span></font><u></u><u></u></p>


</div>


</div>


<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><u></u> <u></u></span></font></p>


</div>


</div>


<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">What &quot;security

issue&quot;? You said that they cannot make calls with the passwords that

they&#39;ve guessed, correct? About the only thing left to do is set up <a href="http://wiki.freeswitch.org/wiki/Fail2ban" target="_blank">fail2ban </a>and

just shut the door on them when they fail too many times.<font color="#888888"><span style="color:#888888"><br>

<br>

-Michael<br>

</span></font><br>

_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>

<br>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>

<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>

<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><u></u><u></u></span></font></p>


</div>


<p class="MsoNormal"><font color="#888888" size="3" face="Times New Roman"><span style="font-size:12.0pt;color:#888888"><br>

<br clear="all">

<span><u></u><u></u></span></span></font></p>


<div>


<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><u></u> <u></u></span></font></p>


</div>


<p class="MsoNormal"><span><font color="#888888" size="3" face="Times New Roman"><span style="font-size:12.0pt;color:#888888">-- </span></font><u></u><u></u></span></p>


<div>


<div>


<p class="MsoNormal"><font color="#888888" face="Times New Roman"><span style="font-size:10.0pt;color:#888888"><img src="" border="0" width="96" height="93"><br>

</span></font><b><font color="#888888" face="Georgia"><span style="font-size:10.0pt;font-family:Georgia;color:#888888;font-weight:bold">Blakelund

Priddy</span></font></b><font><span style="font-size:10.0pt"><u></u><u></u></span></font></p>


<div>


<p class="MsoNormal"><font color="black" face="Georgia"><span style="font-size:10.0pt;font-family:Georgia">Network Systems

Engineer</span></font><font color="#500050" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:#500050"><br>

</span></font><font color="#500050" face="Georgia"><span style="font-size:10.0pt;font-family:Georgia;color:#500050">Bryant Public School District<br>

Bryant, Arkansas 72022<br>

</span></font><font color="#500050" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:#500050"><a href="http://www.bryantschools.org/" target="_blank"><font color="black" face="Georgia"><span style="font-family:Georgia;color:black">http://www.bryantschools.org</span></font></a><u></u><u></u></span></font></p>


</div>


<p class="MsoNormal"><font color="#888888" face="Georgia"><span style="font-size:10.0pt;font-family:Georgia;color:#888888">p <a href="tel:501-653-5038" value="+15016535038" target="_blank">501-653-5038</a><br>

f <a href="tel:501-847-5656" value="+15018475656" target="_blank">501-847-5656</a></span></font><font color="#888888"><span style="color:#888888"><u></u><u></u></span></font></p>


</div>


</div>


</div>


<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br>

_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>

<br>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>

<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>

<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><span class="HOEnZb"><font color="#888888"><u></u><u></u></font></span></span></font></p><span class="HOEnZb"><font color="#888888">


</font></span></div><span class="HOEnZb"><font color="#888888">


<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br>

<br clear="all">

<br>

-- <br>

Michael S Collins<br>

Twitter: @mercutioviz<br>

<a href="http://www.FreeSWITCH.org" target="_blank">http://www.FreeSWITCH.org</a><br>

<a href="http://www.ClueCon.com" target="_blank">http://www.ClueCon.com</a><br>

<a href="http://www.OSTAG.org" target="_blank">http://www.OSTAG.org</a><u></u><u></u></span></font></p>


</font></span></div>


</div>


<br>_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>

<br>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>

<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>

<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>

<br></blockquote></div><br><br clear="all"><br>-- <br>Michael S Collins<br>Twitter: @mercutioviz<br><a href="http://www.FreeSWITCH.org" target="_blank">http://www.FreeSWITCH.org</a><br><a href="http://www.ClueCon.com" target="_blank">http://www.ClueCon.com</a><br>

<a href="http://www.OSTAG.org" target="_blank">http://www.OSTAG.org</a><br><br>