<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">For 'bad guys using SIP' I added the
package 'fail2ban', and then set it up to watch for failed auth
attempts and attempts to connect without the proper domain, then
set it to ban those IPs for a while.<br>
<br>
When I get the time, I'm going to set it up to answer the vicious
person's call, then put them on hold for a long time, then ban
them and then also send an email. That way their systems get tied
up. Hopefully a group like 'spamhaus' or some other group will create
a pool of SIP spammers so we can deny that traffic before it hits
FreeSWITCH.<br>
<br>
I think some legislation is in order so the police can arrest
chronic bad actors and fine them to offset the cost of 'spamhaus'
type setups and confiscate their gear.<br>
<br>
<br>
<br>
On 10/23/2013 10:26 AM, Donny Hardyanto wrote:<br>
</div>
<blockquote
cite="mid:CAEhEJ-Vz09NfO2w305V9-Hm58hwCZfXfe3XVgCaRWefvTPjnHQ@mail.gmail.com"
type="cite">
<p dir="ltr">The problem is there are SIP port scanners
constantly scanning IP addresses on the internet for the
well-known SIP port; when they find one they automatically
and systematically try to break SIP authentication and
try to route calls through it. It's a very vicious world
out there for SIP. Changing the port is the least, most
minimal defense we can do. Of course there are other
solutions, like putting an SBC in front or something, but
it depends on circumstances. So whatever we can control,
such as our deployed softphones or IP phones, we change
their default SIP listener port.</p>
<p dir="ltr">My own solution is always open source. In the hacking
case I had put our solution in the partner network. I cannot
control what hardware my partner is using. And in the
SIP/network world we interconnect with all kinds of
hardware and software, whether commercial or OSS.</p>
<p dir="ltr">Donny</p>
<div class="gmail_quote">On Oct 23, 2013 10:10 PM, "hcoin" <<a
moz-do-not-send="true" href="mailto:hcoin@quietfountain.com">hcoin@quietfountain.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Donny, it's a balancing act: people choose commercial
routers because they want it all to 'just work' and not
have to get into the guts of it. That's what people
expect and pay for: 'just working'; you pay for not
being forced to learn the guts and 'deal with it'. <br>
<br>
My policy has been that if the commercial router doesn't
come with a staff member at the commercial company to make
the problem go away, go to an open source solution. If
you're going to be made to 'deal with it', then you might
as well have access to all the guts, all the tools, the
whole thing yourself. Otherwise you wind up working for
free making someone else's commercial product better, and
who knows if the next release will break your fix or
not. No, if you are being forced to deal with a problem
in the guts of commercial software yourself, you aren't
getting any value and the answer is find out whether an
open source version is solid enough and if it is go with
that. Might as well learn 'everything' about something
you can compile yourself if it comes down to that. You
pick up a lot of dubious skills though, for example I can
now edit freeswitch transport protocols and the sip
stack. A thing I hope never to have to do.... Seriously
whoever came up with RTP and SIP using a bezillion ports
and the whole NAT nightmare.... arg. Look how much of
freeswitch is not dealing with telephone and talk issues,
but routing issues. It's half a router itself. <br>
<br>
This business of weaving together products made by various
vendors: routers, soft phones, pstn-voip legacy boxen,
freeswitch, routers, 'guis on top of X', it's every bit
as tough as programming. In programming you control 'the
world' and have a narrow focus. This business of
integrating lots of work by lots of folks, not for the
timid.<br>
<br>
<br>
On 10/23/2013 01:42 AM, Donny Hardyanto wrote:<br>
</div>
<blockquote type="cite">
<p>I am now practicing not using the standard port because
of some hacks a couple of months ago. It was quite bad: it
cost thousands of dollars and we could not find the culprit
IP address because the router ALG rewrites them and there
is no accessible log on the router.</p>
<p>Donny</p>
<div class="gmail_quote">On Oct 23, 2013 1:17 PM, "hcoin"
<<a moz-do-not-send="true"
href="mailto:hcoin@quietfountain.com" target="_blank">hcoin@quietfountain.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Anthony and Donny, thanks for replying.<br>
<br>
Putting a packet capture on the line revealed the
problem to be a combination of quirks in both
linphone (windows version ignores fs nonstandard
destination port) and dns-forwarder (override of <a
moz-do-not-send="true" href="http://foo.bar.com"
target="_blank">foo.bar.com</a> fails if <a
moz-do-not-send="true" href="http://foo.bar.com"
target="_blank">foo.bar.com</a> is a CNAME on
the public internet, not an A record). The call
was coming in on the external profile because the
dns forwarder was letting the resolution go to the
public internet and so the local systems were
sending out to the router, which sent it back in
to... the external interface. However, I do now
know how to watch calls pass through freeswitch
and have read most of the source code in the sofia
endpoint, nta, nua, etc. etc... and had lots of
fun with gdb stepping around watching the packets
flow.<br>
<br>
The main lesson I think is worth sharing is this:
Use 5060 for sip. If you are thinking of
various profiles using the same address but
different ports on the one hand, or on the other
hand using ip aliases so each profile uses the
'standard' ports but a different ip--- go with the
ip alias approach. So in
/etc/network/interfaces , supposing your main nic
is eth0:<br>
<br>
<pre># main nic: dhcp, or whatever your system uses
iface eth0 inet dhcp
    # ...
    post-up ifup eth0:1
    pre-down ifdown eth0:1
    # ...

iface eth0:1 inet static
    address &lt;something unique on the lan&gt;
    netmask &lt;etc.&gt;
</pre>
<br>
Problems all melted away as if they never were.<br>
<br>
Thanks again for trying to help! I even bought
the freeswitch book. Ka-Ching for someone on this
list...<br>
<br>
<br>
<br>
On 10/22/2013 06:38 PM, Anthony Minessale wrote:<br>
</div>
<blockquote type="cite">
<p dir="ltr">Did you change all the fields in the
new profile you duplicated that were relevant to
the name like name...</p>
<p dir="ltr">I usually cp internal.xml new.xml
then edit new.xml and global replace internal
with new right off the bat.</p>
<p dir="ltr">You might find your mistake faster if
you backup and revert to default sip profiles
from sample and slowly make changes again.</p>
<div class="gmail_quote">On Oct 22, 2013 1:04 AM,
"hcoin" <<a moz-do-not-send="true"
href="mailto:hcoin@quietfountain.com"
target="_blank">hcoin@quietfountain.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex"> <br>
This has been a really frustrating problem,
I'm sure the answer is<br>
simple but I just can't see it.<br>
<br>
I had several extensions registered to the
internal profile, sending<br>
calls out the external profile to a sip-pstn
gateway, all seemed fine.<br>
<br>
Then I created another internal profile, using a
different SIP port on the<br>
same LAN address, because of 'no device left
behind' and NAT issues.<br>
<br>
All seemed well, all the phones register
normally. Looking at the<br>
databases in FS they all show the proper
ports, the proper domains, etc.<br>
<br>
However, every single call gets picked up as a
new call via<br>
sofia/external/... and it hits the public
dialplan normally -- except<br>
that's the wrong plan; it should hit the
default plan and be identified<br>
as sofia/internal/... and so forth.<br>
2013-10-22 00:31:11.001600 [NOTICE]
switch_channel.c:1034 New Channel<br>
sofia/external/<a moz-do-not-send="true"
href="mailto:hcoin@pbx.foobar.com"
target="_blank">hcoin@pbx.foobar.com</a>
[28ed125a-3adb-11e3-9cc1-cbb8efb09b83]<br>
<br>
What could possibly be the reason phones
registered on the internal<br>
profile have their new calls identified as
sofia/external and don't hit<br>
the correct plan? Both the phones and the
FreeSWITCH are on the same<br>
subnet. This should be so vanilla. What am I
missing?<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a moz-do-not-send="true"
href="mailto:consulting@freeswitch.org"
target="_blank">consulting@freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com"
target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel
Communication Server<br>
<a moz-do-not-send="true"
href="http://www.cudatel.com"
target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://wiki.freeswitch.org"
target="_blank">http://wiki.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://www.cluecon.com"
target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org"
target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a moz-do-not-send="true"
href="http://www.freeswitch.org"
target="_blank">http://www.freeswitch.org</a><br>
</blockquote>
</div>
</blockquote>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
</div>
</blockquote>
</div>
</blockquote>
<br>
<br>
</body>
</html>