<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Georgia;
        panose-1:2 4 5 2 5 4 5 2 3 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:blue;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:Arial;
        color:navy;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=BG link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>Definitely my fault!
<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>Somebody had opened
internet access to the test environment, where the external profile does not require
authentication.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>Mario<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span lang=EN-US
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span lang=EN-US style='font-size:10.0pt;font-family:Tahoma'>
Mario Karakanovski [mailto:mario@ims.bg] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Thursday, February 21, 2013
8:36 AM<br>
<b><span style='font-weight:bold'>To:</span></b> 'FreeSWITCH Users Help'<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [Freeswitch-users]
freeswitch hack</span></font><span lang=EN-US><o:p></o:p></span></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>In my situation all calls
are rejected, but I think it is because they are authenticated with an invalid
username.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>My concern is how one
can authenticate in FreeSWITCH with a user that does not exist and was never
configured. I was not able to reproduce that.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>What I found so far: they
use a couple of IPs. They send OPTIONS (only one time) during the day and start
trying at night. They tried a maximum of 100 calls.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>I am still waiting to log
some packets.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;color:navy'>Mario <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span lang=EN-US
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span lang=EN-US style='font-size:10.0pt;font-family:Tahoma'>
freeswitch-users-bounces@lists.freeswitch.org
[mailto:freeswitch-users-bounces@lists.freeswitch.org] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Michael Collins<br>
<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, February 20, 2013
10:41 PM<br>
<b><span style='font-weight:bold'>To:</span></b> FreeSWITCH Users Help<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [Freeswitch-users]
freeswitch hack</span></font><span lang=EN-US><o:p></o:p></span></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>Aren't they supposed to
be rejected?<o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>On Wed, Feb 20, 2013 at 11:19 AM, Blake Priddy &lt;<a
href="mailto:bpriddy@bryantschools.org" target="_blank">bpriddy@bryantschools.org</a>&gt;
wrote:<o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>I have also had the situation that there are calls getting rejected.<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>On Wed, Feb 20, 2013 at 11:08 AM, Michael Collins &lt;<a
href="mailto:msc@freeswitch.org" target="_blank">msc@freeswitch.org</a>&gt;
wrote:<o:p></o:p></span></font></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>On Wed, Feb 20, 2013 at 1:53 AM, Mario Karakanovski &lt;<a
href="mailto:mario@ims.bg" target="_blank">mario@ims.bg</a>&gt; wrote:<o:p></o:p></span></font></p>
<div link=blue vlink=blue>
<div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><font
size=2 color=navy face=Arial><span lang=EN-US style='font-size:10.0pt;
font-family:Arial;color:navy'>Thanks Ken,</span></font><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><font
size=2 color=navy face=Arial><span lang=EN-US style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><font
size=2 color=navy face=Arial><span lang=EN-US style='font-size:10.0pt;
font-family:Arial;color:navy'>It is helpful, but I still think there is some
security issue. I&#8217;ve double-checked the configuration. I&#8217;ve tried to reproduce
the issue by trying a direct call (TCP and UDP) or authenticating with an invalid
user, but everything works as expected &#8211; calls/authentication were
rejected. I&#8217;ve decided to log the traffic &#8211; maybe I will be able to
see where the problem is.</span></font><o:p></o:p></p>
</div>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>What "security
issue"? You said that they cannot make calls with the passwords that
they've guessed, correct? About the only thing left to do is set up <a
href="http://wiki.freeswitch.org/wiki/Fail2ban" target="_blank">fail2ban </a>and
just shut the door on them when they fail too many times.<font color="#888888"><span
style='color:#888888'><br>
<br>
-Michael<br>
</span></font><br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=3 color="#888888" face="Times New Roman"><span
style='font-size:12.0pt;color:#888888'><br>
<br clear=all>
<span class=hoenzb><o:p></o:p></span></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
<p class=MsoNormal><span class=hoenzb><font size=3 color="#888888"
face="Times New Roman"><span style='font-size:12.0pt;color:#888888'>-- </span></font><o:p></o:p></span></p>
<div>
<div>
<p class=MsoNormal><font size=2 color="#888888" face="Times New Roman"><span
style='font-size:10.0pt;color:#888888'>
</span></font><b><font size=2 color="#888888" face=Georgia><span
style='font-size:10.0pt;font-family:Georgia;color:#888888;font-weight:bold'>Blakelund
Priddy</span></font></b><font size=2><span style='font-size:10.0pt'><o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><font size=2 color=black face=Georgia><span
style='font-size:10.0pt;font-family:Georgia;color:black'>Network Systems
Engineer</span></font><font size=2 color="#500050" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#500050'><br>
</span></font><font size=2 color="#500050" face=Georgia><span style='font-size:
10.0pt;font-family:Georgia;color:#500050'>Bryant Public School District<br>
Bryant, Arkansas 72022<br>
</span></font><font size=2 color="#500050" face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:#500050'><a href="http://www.bryantschools.org/"
target="_blank"><font color=black face=Georgia><span style='font-family:Georgia;
color:black'>http://www.bryantschools.org</span></font></a><o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 color="#888888" face=Georgia><span
style='font-size:10.0pt;font-family:Georgia;color:#888888'>p <a
href="tel:501-653-5038" target="_blank" value="+15016535038">501-653-5038</a><br>
f <a href="tel:501-847-5656" target="_blank" value="+15018475656">501-847-5656</a></span></font><font
color="#888888"><span style='color:#888888'><o:p></o:p></span></font></p>
</div>
</div>
</div>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><br>
<br clear=all>
<br>
-- <br>
Michael S Collins<br>
Twitter: @mercutioviz<br>
<a href="http://www.FreeSWITCH.org" target="_blank">http://www.FreeSWITCH.org</a><br>
<a href="http://www.ClueCon.com" target="_blank">http://www.ClueCon.com</a><br>
<a href="http://www.OSTAG.org" target="_blank">http://www.OSTAG.org</a><o:p></o:p></span></font></p>
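<p class=MsoNormal>Added example, not part of the original thread and not FreeSWITCH or fail2ban code: a small Python check for the pattern described above (one OPTIONS probe, later a burst of rejected calls from the same address), counting rejections per source the way a fail2ban-style threshold would. The record format, the sample data and the names parse, flag_sources and REJECTED are assumptions made for this example; maxretry and findtime only borrow fail2ban's option names.</p>
<pre>
```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not taken from the thread. Assumed format:
# ISO timestamp, source IP, SIP method, final response code.
SAMPLE = "\n".join(
    ["2013-02-19T14:02:11 203.0.113.7 OPTIONS 200",    # one daytime probe
     "2013-02-19T15:30:00 198.51.100.20 INVITE 403",   # a single rejected call
     "2013-02-19T16:00:00 198.51.100.20 INVITE 200"]
    # night-time burst: ten rejected calls inside one minute
    + ["2013-02-20T02:10:%02d 203.0.113.7 INVITE 403" % s for s in range(0, 60, 6)]
)
REJECTED = {403}  # 401/407 are ordinary digest challenges and are not counted

def parse(text):
    """Turn each non-empty line into a (time, ip, method, code) tuple."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, method, code = line.split()
            rows.append((datetime.fromisoformat(ts), ip, method, int(code)))
    return sorted(rows)

def flag_sources(rows, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: {"probe": first OPTIONS time or None, "peak": n}} for every
    source with at least maxretry rejected requests inside one findtime window."""
    probe, recent, peak = {}, defaultdict(deque), defaultdict(int)
    for ts, ip, method, code in rows:
        if method == "OPTIONS":
            probe.setdefault(ip, ts)
        elif method in ("INVITE", "REGISTER") and code in REJECTED:
            window = recent[ip]
            window.append(ts)
            while ts - window[0] > findtime:   # drop rejections older than findtime
                window.popleft()
            peak[ip] = max(peak[ip], len(window))
    return {ip: {"probe": probe.get(ip), "peak": n}
            for ip, n in peak.items() if n >= maxretry}

if __name__ == "__main__":
    for ip, info in flag_sources(parse(SAMPLE)).items():
        print(ip, "probe:", info["probe"], "peak rejected:", info["peak"])
```
</pre>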
</div>
</body>
</html>