<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thanks guys for all your help!<br>
<br>
Le 2013-02-22 12:28, David Villasmil a écrit :<br>
</div>
<blockquote
cite="mid:F8FDC0FF-7275-45E7-8034-38A025F8D1F4@gmail.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<div>Also,</div>
<div><br>
</div>
<div>I always completely remove ALL sample routing in the default
dialplans, always.</div>
<div><br>
</div>
<div>When i need an extension, I add it.</div>
<div><br>
</div>
<div>There's another thread a about a user who left the external
dialplan and got hacked... </div>
<div><br>
</div>
<div>So always remove ALL routing!</div>
<div><br>
</div>
<div>David<br>
<br>
On Feb 22, 2013, at 18:23, David Villasmil <<a
moz-do-not-send="true"
href="mailto:david.villasmil.work@gmail.com">david.villasmil.work@gmail.com</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<div>Since a long time ago i NEVER use ports
5060/5061/5080/5081...</div>
<div><br>
</div>
<div>Security by obscurity also helps (in my experience), in
addition to fail2ban... </div>
<div>You must ALWAYS setup fail2ban if you don't know the IPs
of your customers and so a firewall won't do much good.</div>
<div><br>
</div>
<div>But firewall+fail2ban+non-standard-ports is pretty safe
(of course in addition to authenticating)<br>
<br>
<br>
David<br>
On Feb 22, 2013, at 17:03, Ken Rice <<a
moz-do-not-send="true" href="mailto:krice@freeswitch.org">krice@freeswitch.org</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<title>Re: [Freeswitch-users] Outgoing calls from unknown
users</title>
<font face="Monaco, Courier New"><span
style="font-size:11pt">If you were seeing a billtime
of 0 that means the calls were blocked... Some one was
probably hitting the “external” interface then hitting
the public context... This is allowed in the default
example configs for freeswitch, but calls coming in
that way are only allowed to actually do something if
a) they hit one of the pre-defined local extensions or
you have modified it to allow other calling.<br>
<br>
Why is it like this? This is so you can define your
local extensions and DIDs in the public context then
say hey you can just call me via sip to SIP:<a
moz-do-not-send="true"
href="mynumber_or_extension@hostname.or.ip.of.my.FS.box.com">mynumber_or_extension@hostname.or.ip.of.my.FS.box.com</a><br>
<br>
Bots will scan the internet (the entire internet) and
find your public profile is not doing sip challenge
response, then they will try to place calls. In your
logs they were trying to call a number in what appears
to be Palestine, this is very comon, as they are
probing to see if you let the calls pass by trying
various prefixes...<br>
<br>
As long as you are configuring the unauthenticated
interfaces to only allow calls for your local
extensions this is not a big dead, they will give up
and go away.<br>
<br>
<br>
<br>
On 2/22/13 9:48 AM, "Frederick Pruneau" <<a
moz-do-not-send="true"
href="frederick@targointernet.com">frederick@targointernet.com</a>>
wrote:<br>
<br>
</span></font>
<blockquote><font face="Monaco, Courier New"><span
style="font-size:11pt"> <br>
PB 20618<br>
<br>
Everytime, it is a 0 billsec. For now,
international calls are not authorized. But in a
near future, I want to authorized them.<br>
<br>
I verified what Ken wrote:<br>
<br>
A) make sure you are not using the default username
and passwords for<br>
registered sip users <b>(not using default
username and password. All default
users/extensions have been removed)<br>
</b> B) don't allow unauthenticated calls to go back
out to the PSTN <b>(I don't have PSTN lines)<br>
</b> C) Use appropriate firewall rules to only allow
places you should be getting<br>
calls from <b>(Already done)<br>
</b> D) use something like Fail2Ban to block people
attempting to make repeated<br>
failed calls/registration attempts in a short
period of time... <br>
<br>
Actually, I have fail2ban that blocks registration
attemps. I don't know how to block failed calls. Can
you guide me to a web site or help me to ban failed
calls?<br>
<br>
Thank you for your quick replies!<br>
<br>
Fred<br>
<br>
Le 2013-02-22 09:01, Christian Benke a écrit :<br>
<br>
<br>
</span></font>
<blockquote><font face="Monaco, Courier New"><span
style="font-size:11pt"> <br>
Do you have a logfile of these calls? Can you
please paste it to<br>
<a moz-do-not-send="true"
href="http://pastebin.freeswitch.org/">http://pastebin.freeswitch.org/</a>.
Otherwise, please paste your<br>
dialplans to pastebin so we can figure out what's
really happening<br>
with your calls, the csv has too little
information. Do all of these<br>
calls have 0 billsec?<br>
<br>
If possible, you should turn off FreeSWITCH till
you know the reason<br>
for this calls, it looks very much like your
system is not safe.<br>
<br>
Best regards,<br>
Christian<br>
<br>
--<br>
Central Asia by bike, starting May 2013 - <a
moz-do-not-send="true" href="http://poab.org">http://poab.org</a><br>
<br>
<br>
On 22 February 2013 14:26, Frederick Pruneau<br>
<<a moz-do-not-send="true"
href="frederick@targointernet.com">frederick@targointernet.com</a>>
<<a moz-do-not-send="true"
href="mailto:frederick@targointernet.com">mailto:frederick@targointernet.com</a>>
wrote:<br>
<br>
</span></font>
<blockquote><font face="Monaco, Courier New"><span
style="font-size:11pt"> <br>
Hi everyone!<br>
<br>
I have found in the log files some international
calls from unknown<br>
extensions. These extensions don't exist in my
configuration. I tried to<br>
block them in my firewall (iptables on my
freeswitch server) but they<br>
always use random IP adresses. Here is a short
part of my Master.csv:<br>
<br>
"1001","1001","0015972595646444","2013-02-22
02:05:27","","2013-02-22<br>
02:05:27","0","NORMAL_CLEARING","3c876eae-7cbe-11e2-877f-b791adff5763","","","",""<br>
"1001","1001","9011972595646444","2013-02-22
02:05:28","","2013-02-22<br>
02:05:28","0","NORMAL_CLEARING","3d0d058c-7cbe-11e2-8783-b791adff5763","","","",""<br>
"1001","1001","2011972595646444","2013-02-22
02:05:29","","2013-02-22<br>
02:05:29","0","NORMAL_CLEARING","3da55576-7cbe-11e2-8787-b791adff5763","","","",""<br>
"1001","1001","3011972595646444","2013-02-22
02:05:30","","2013-02-22<br>
02:05:30","0","NORMAL_CLEARING","3e4727ca-7cbe-11e2-878b-b791adff5763","","","",""<br>
"1001","1001","4011972595646444","2013-02-22
02:05:31","","2013-02-22<br>
02:05:31","0","NORMAL_CLEARING","3eecc2e8-7cbe-11e2-878f-b791adff5763","","","",""<br>
"1001","1001","5011972595646444","2013-02-22
02:05:32","","2013-02-22<br>
02:05:32","0","NORMAL_CLEARING","3f633b94-7cbe-11e2-8793-b791adff5763","","","",""<br>
"1001","1001","6011972595646444","2013-02-22
02:05:33","","2013-02-22<br>
02:05:33","0","NORMAL_CLEARING","3fc49902-7cbe-11e2-8797-b791adff5763","","","",""<br>
"1001","1001","7011972595646444","2013-02-22
02:05:33","","2013-02-22<br>
02:05:33","0","NORMAL_CLEARING","403c0622-7cbe-11e2-879b-b791adff5763","","","",""<br>
"1001","1001","8011972595646444","2013-02-22
02:05:34","","2013-02-22<br>
02:05:34","0","NORMAL_CLEARING","40e61ef0-7cbe-11e2-879f-b791adff5763","","","",""<br>
<br>
With my configuration, I need to be registered
to make a call. I tried<br>
to call with an unregistered phone and I was not
able to make a call. I<br>
don't know how they are able to do this but I
need to block them. Is<br>
there something that I am missing in my
configuration to block unwanted<br>
extensions to make calls?<br>
<br>
Thanks in advance!<br>
<br>
<br>
Fred<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a moz-do-not-send="true"
href="consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel
Communication Server<br>
<a moz-do-not-send="true"
href="http://www.cudatel.com">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.cluecon.com">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
<br>
</span></font></blockquote>
<font face="Monaco, Courier New"><span
style="font-size:11pt"> <br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a moz-do-not-send="true"
href="consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel
Communication Server<br>
<a moz-do-not-send="true"
href="http://www.cudatel.com">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.cluecon.com">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
<br>
</span></font></blockquote>
<font face="Monaco, Courier New"><span
style="font-size:11pt"> <br>
<br>
<br>
</span></font></blockquote>
<font face="Monaco, Courier New"><span
style="font-size:11pt"><br>
-- <br>
Ken<br>
<font color="#0000FF"><u><a moz-do-not-send="true"
href="http://www.FreeSWITCH.org">http://www.FreeSWITCH.org</a><br>
<a moz-do-not-send="true"
href="http://www.ClueCon.com">http://www.ClueCon.com</a><br>
<a moz-do-not-send="true"
href="http://www.OSTAG.org">http://www.OSTAG.org</a><br>
</u></font><a moz-do-not-send="true"
href="http://irc.freenode.net">irc.freenode.net</a>
#freeswitch<br>
</span></font>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_________________________________________________________________________</span><br>
<span>Professional FreeSWITCH Consulting Services:</span><br>
<span><a moz-do-not-send="true"
href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a></span><br>
<span><a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a></span><br>
<span></span><br>
<span>FreeSWITCH-powered IP PBX: The CudaTel Communication
Server</span><br>
<span><a moz-do-not-send="true"
href="http://www.cudatel.com">http://www.cudatel.com</a></span><br>
<span></span><br>
<span>Official FreeSWITCH Sites</span><br>
<span><a moz-do-not-send="true"
href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br>
<span><a moz-do-not-send="true"
href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a></span><br>
<span><a moz-do-not-send="true"
href="http://www.cluecon.com">http://www.cluecon.com</a></span><br>
<span></span><br>
<span>FreeSWITCH-users mailing list</span><br>
<span><a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a></span><br>
<span><a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br>
<span>UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://">http://</a><a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br>
<span><a moz-do-not-send="true"
href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br>
</div>
</blockquote>
</div>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a class="moz-txt-link-freetext" href="http://www.cudatel.com">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Frédérick Pruneau
Administrateur réseau | Network administrator
Targo Communications
Ste-Clotilde : (450) 826-0031
Montréal : (514) 448-0773</pre>
</body>
</html>