They can't auth with a username that does not exist. The best they can do is try to guess user names and passwords. That's where Ken's best practices are quite useful. <br><br>-MC<br><br><div class="gmail_quote">
On Wed, Feb 20, 2013 at 10:35 PM, Mario Karakanovski <span dir="ltr"><<a href="mailto:mario@ims.bg" target="_blank">mario@ims.bg</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="blue" lang="BG">
<div>
<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">In my situation all calls
are rejected, but I think it is because they are authenticated with invalid
username.<u></u><u></u></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">My concern is how ones
can authenticate in freeswitch with user that not exists and never was
configured. I was not able to reproduce that.<u></u><u></u></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">What I found so far: they
use a couple of IPs. They send OPTIONS (only one time) during the day and start
try at the night. They tried a maximum of 100 calls.<u></u><u></u></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">I am still waiting to log
some packet<u></u><u></u></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US"><u></u> <u></u></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">Mario <u></u><u></u></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy"><u></u> <u></u></span></font></p>
<div>
<div class="MsoNormal" style="text-align:center" align="center"><font size="3" face="Times New Roman"><span style="font-size:12.0pt" lang="EN-US">
<hr align="center" size="2" width="100%">
</span></font></div>
<p class="MsoNormal"><b><font face="Tahoma"><span style="font-size:10.0pt;font-family:Tahoma;font-weight:bold" lang="EN-US">From:</span></font></b><font face="Tahoma"><span style="font-size:10.0pt;font-family:Tahoma" lang="EN-US">
<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>
[mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>] <b><span style="font-weight:bold">On Behalf Of </span></b>Michael Collins<br>
<b><span style="font-weight:bold">Sent:</span></b> Wednesday, February 20, 2013
10:41 PM<br>
<b><span style="font-weight:bold">To:</span></b> FreeSWITCH Users Help<br>
<b><span style="font-weight:bold">Subject:</span></b> Re: [Freeswitch-users]
freeswitch hack</span></font><span lang="EN-US"><u></u><u></u></span></p>
</div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><u></u> <u></u></span></font></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Aren't they supposed to
be rejected?<u></u><u></u></span></font></p>
<div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Wed, Feb 20, 2013 at 11:19 AM, Blake Priddy <<a href="mailto:bpriddy@bryantschools.org" target="_blank">bpriddy@bryantschools.org</a>>
wrote:<u></u><u></u></span></font></p>
<div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">I have also had the situation that they are calls getting rejected.<u></u><u></u></span></font></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><u></u> <u></u></span></font></p>
<div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Wed, Feb 20, 2013 at 11:08 AM, Michael Collins <<a href="mailto:msc@freeswitch.org" target="_blank">msc@freeswitch.org</a>>
wrote:<u></u><u></u></span></font></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><u></u> <u></u></span></font></p>
<div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Wed, Feb 20, 2013 at 1:53 AM, Mario Karakanovski <<a href="mailto:mario@ims.bg" target="_blank">mario@ims.bg</a>> wrote:<u></u><u></u></span></font></p>
<div link="blue" vlink="blue">
<div>
<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">Thanks Ken,</span></font><u></u><u></u></p>
<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US"> </span></font><u></u><u></u></p>
<p class="MsoNormal"><font color="navy" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:navy" lang="EN-US">It is helpful, but I still think there is some
security issue. I’ve double check configuration. I’ve try to
reproduce the issue trying to do direct call (TCP and UDP) or authenticate with
invalid user, but everything works as expected – calls/authentication was
rejected. I’ve decide to log the traffic – maybe I will be able to
see where is the problem.</span></font><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><u></u> <u></u></span></font></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">What "security
issue"? You said that they cannot make calls with the passwords that
they've guessed, correct? About the only thing left to do is set up <a href="http://wiki.freeswitch.org/wiki/Fail2ban" target="_blank">fail2ban </a>and
just shut the door on them when they fail too many times.<font color="#888888"><span style="color:#888888"><br>
<br>
-Michael<br>
</span></font><br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><u></u><u></u></span></font></p>
</div>
<p class="MsoNormal"><font color="#888888" size="3" face="Times New Roman"><span style="font-size:12.0pt;color:#888888"><br>
<br clear="all">
<span><u></u><u></u></span></span></font></p>
<div>
<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><u></u> <u></u></span></font></p>
</div>
<p class="MsoNormal"><span><font color="#888888" size="3" face="Times New Roman"><span style="font-size:12.0pt;color:#888888">-- </span></font><u></u><u></u></span></p>
<div>
<div>
<p class="MsoNormal"><font color="#888888" face="Times New Roman"><span style="font-size:10.0pt;color:#888888"><img src="" border="0" width="96" height="93"><br>
</span></font><b><font color="#888888" face="Georgia"><span style="font-size:10.0pt;font-family:Georgia;color:#888888;font-weight:bold">Blakelund
Priddy</span></font></b><font><span style="font-size:10.0pt"><u></u><u></u></span></font></p>
<div>
<p class="MsoNormal"><font color="black" face="Georgia"><span style="font-size:10.0pt;font-family:Georgia">Network Systems
Engineer</span></font><font color="#500050" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:#500050"><br>
</span></font><font color="#500050" face="Georgia"><span style="font-size:10.0pt;font-family:Georgia;color:#500050">Bryant Public School District<br>
Bryant, Arkansas 72022<br>
</span></font><font color="#500050" face="Arial"><span style="font-size:10.0pt;font-family:Arial;color:#500050"><a href="http://www.bryantschools.org/" target="_blank"><font color="black" face="Georgia"><span style="font-family:Georgia;color:black">http://www.bryantschools.org</span></font></a><u></u><u></u></span></font></p>
</div>
<p class="MsoNormal"><font color="#888888" face="Georgia"><span style="font-size:10.0pt;font-family:Georgia;color:#888888">p <a href="tel:501-653-5038" value="+15016535038" target="_blank">501-653-5038</a><br>
f <a href="tel:501-847-5656" value="+15018475656" target="_blank">501-847-5656</a></span></font><font color="#888888"><span style="color:#888888"><u></u><u></u></span></font></p>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><span class="HOEnZb"><font color="#888888"><u></u><u></u></font></span></span></font></p><span class="HOEnZb"><font color="#888888">
</font></span></div><span class="HOEnZb"><font color="#888888">
<p class="MsoNormal" style="margin-bottom:12.0pt"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br>
<br clear="all">
<br>
-- <br>
Michael S Collins<br>
Twitter: @mercutioviz<br>
<a href="http://www.FreeSWITCH.org" target="_blank">http://www.FreeSWITCH.org</a><br>
<a href="http://www.ClueCon.com" target="_blank">http://www.ClueCon.com</a><br>
<a href="http://www.OSTAG.org" target="_blank">http://www.OSTAG.org</a><u></u><u></u></span></font></p>
</font></span></div>
</div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Michael S Collins<br>Twitter: @mercutioviz<br><a href="http://www.FreeSWITCH.org" target="_blank">http://www.FreeSWITCH.org</a><br><a href="http://www.ClueCon.com" target="_blank">http://www.ClueCon.com</a><br>
<a href="http://www.OSTAG.org" target="_blank">http://www.OSTAG.org</a><br><br>