<p dir="ltr">Limit resets as soon as the call leaves the context - could that be the reason?</p>
<div class="gmail_quote">On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <<a href="mailto:kamil.nigmatullin@gmail.com">kamil.nigmatullin@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Dear all, <br><br></div>Today we had an attack. One of our
clients lost password to his SIP account. So with this password
attackers made calls on our client's behalf to very expensive
destinations. <br><br>We have Opensips as a border controller and
Freeswitch as a Softswitch. This phone was confugured for 1 concurrent
line using module limit of FS. Howerver they somehow managed to make
several concurrent calls per one account. On CDR's we found that there
was Attended transfer. Does anybody knows what kind of attack was that
and how I can protect us against this? Is it sip refer attack when attacker set REFERED BY HEADER?<br><br></div><div>When I check if limit works whith a sipphone, I see that it worked 100%. <br></div><div><br></div>Thanks in advanceĀ <br clear="all"><br>-- <br><div dir="ltr">Kamil Nigmatullin<br>Tel: 77272323748<br>mob: 7 (707) 2517003<br>Skype: kamil.nigmatullin</div>
</div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div>