<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi,<br><br>Freeswitch is sending re-invites in each 60 seconds. And it comes with SDP which causes our WebRTC client on Mozilla browser to stop sending media. Is there a way to tell freeswitch not to send the re-invites with SDP? <br><br><div>From: freeswitch-users-request@lists.freeswitch.org<br>Subject: FreeSWITCH-users Digest, Vol 100, Issue 106<br>To: freeswitch-users@lists.freeswitch.org<br>Date: Wed, 22 Oct 2014 07:31:36 +0400<br><br>--Forwarded Message Attachment--<br>From: ssinyagin@gmail.com<br>To: freeswitch-users@lists.freeswitch.org<br>Date: Wed, 22 Oct 2014 02:35:02 +0200<br>Subject: Re: [Freeswitch-users] (no subject)<br><br><div dir="ltr"><div><div><div>(now on a normal keyboard)<br></div>Kamil, <br></div><br>when you use the "limit" application and increase the user's counter, it keeps its value only within the context where it was originally called. If you, for example, used pieces of the original (Vanilla) FreeSWITCH configuration, there are bind_meta_app bindings which send the call into another context ("features"). 
Once it's done, the user's limit counter is lost, and you need to increment it again in the new context.<br><br></div>Also, why don't you implement daily and monthly minute limits and block the user as soon as these limits are reached?<br><br><br><br><div><br> <br><div><br><div><div><div class="ecxgmail_extra"><br><div class="ecxgmail_quote">On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <span dir="ltr"><<a href="mailto:ssinyagin@gmail.com" target="_blank">ssinyagin@gmail.com</a>></span> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px solid rgb(204,204,204);padding-left:1ex;"><p dir="ltr">Limit resets as soon as the call leaves the context - could that be the reason?</p>
<div class="ecxgmail_quote"><div><div class="h5">On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <<a href="mailto:kamil.nigmatullin@gmail.com" target="_blank">kamil.nigmatullin@gmail.com</a>> wrote:<br></div></div><blockquote class="ecxgmail_quote" style="border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div><div class="h5"><div dir="ltr"><div><div>Dear all, <br><br></div>Today we had an attack. One of our
clients lost password to his SIP account. So with this password
attackers made calls on our client's behalf to very expensive
destinations. <br><br>We have Opensips as a border controller and
Freeswitch as a Softswitch. This phone was configured for 1 concurrent
line using module limit of FS. However they somehow managed to make
several concurrent calls per one account. On CDRs we found that there
was Attended transfer. Does anybody know what kind of attack was that
and how I can protect us against this? Is it sip refer attack when attacker set REFERRED BY HEADER?<br><br></div><div>When I check if limit works with a sipphone, I see that it worked 100%. <br></div><div><br></div>Thanks in advance <br clear="all"><br>-- <br><div dir="ltr">Kamil Nigmatullin<br>Tel: 77272323748<br>mob: 7 (707) 2517003<br>Skype: kamil.nigmatullin</div>
</div>
<br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div>
</blockquote></div><br></div></div></div></div></div></div>
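Added example (not part of the original thread, and not FreeSWITCH code): a post-incident check in the spirit of the replies above, recomputing peak concurrent calls per account and daily minutes from CDRs. The CDR tuple layout, account numbers, destinations and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample CDRs: (account, start, end, destination). Layout is an assumption.
CDRS = [
    ("1001", "2014-10-21 20:00:00", "2014-10-21 20:30:00", "premium-dest-1"),
    ("1001", "2014-10-21 20:05:00", "2014-10-21 20:40:00", "premium-dest-2"),
    ("1001", "2014-10-21 20:10:00", "2014-10-21 20:20:00", "premium-dest-3"),
    ("1002", "2014-10-21 09:00:00", "2014-10-21 09:10:00", "local-dest-1"),
    ("1002", "2014-10-21 09:10:00", "2014-10-21 09:15:00", "local-dest-2"),
]

def peak_concurrency(cdrs):
    """Return {account: max simultaneous calls} via a sweep over start/end events."""
    events = defaultdict(list)
    for acct, start, end, _dst in cdrs:
        events[acct].append((datetime.strptime(start, FMT), 1))
        events[acct].append((datetime.strptime(end, FMT), -1))
    peaks = {}
    for acct, evs in events.items():
        active = peak = 0
        # At equal timestamps, process hang-ups (-1) before new calls (+1),
        # so back-to-back calls on one line are not counted as overlapping.
        for _ts, delta in sorted(evs):
            active += delta
            peak = max(peak, active)
        peaks[acct] = peak
    return peaks

def daily_minutes(cdrs):
    """Return {(account, date): minutes}, attributing each call to its start date."""
    totals = defaultdict(float)
    for acct, start, end, _dst in cdrs:
        s, e = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
        totals[(acct, s.date().isoformat())] += (e - s).total_seconds() / 60
    return dict(totals)

def flag_accounts(cdrs, max_lines=1, max_daily_minutes=60):
    """Accounts whose CDRs exceed the line limit or the daily minute cap."""
    lines = {a for a, p in peak_concurrency(cdrs).items() if p > max_lines}
    mins = {a for (a, _d), m in daily_minutes(cdrs).items() if m > max_daily_minutes}
    return {"concurrency": sorted(lines), "daily_minutes": sorted(mins)}
```

Running this over real CDRs shows whether the one-line limit was actually exceeded in billing terms, independent of what the in-call counter reported at the time.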
<br><br>--Forwarded Message Attachment--<br>From: steveayre@gmail.com<br>To: freeswitch-users@lists.freeswitch.org<br>Date: Wed, 22 Oct 2014 01:46:25 +0100<br>Subject: Re: [Freeswitch-users] (no subject)<br><br>Also do you know how the password was gained? If it was brute-forced look at implementing a secure password policy and using fail2ban to detect and block brute forcing attacks<br><br>On Wednesday, October 22, 2014, Stanislav Sinyagin <<a href="mailto:ssinyagin@gmail.com">ssinyagin@gmail.com</a>> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;"><div dir="ltr"><div><div><div>(now on a normal keyboard)<br></div>Kamil, <br></div><br>when you use the "limit" application and increase the user's counter, it keeps its value only within the context where it was originally called. If you, for example, used pieces of the original (Vanilla) FreeSWITCH configuration, there are bind_meta_app bindings which send the call into another context ("features"). Once it's done, the user's limit counter is lost, and you need to increment it again in the new context.<br><br></div>Also, why don't you implement daily and monthly minute limits and block the user as soon as these limits are reached?<br><br><br><br><div><br> <br><div><br><div><div><div class="ecxgmail_extra"><br><div class="ecxgmail_quote">On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <span dir="ltr"><<a target="_blank">ssinyagin@gmail.com</a>></span> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px solid rgb(204,204,204);padding-left:1ex;"><p dir="ltr">Limit resets as soon as the call leaves the context - could that be the reason?</p>
<div class="ecxgmail_quote"><div><div>On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <<a target="_blank">kamil.nigmatullin@gmail.com</a>> wrote:<br></div></div><blockquote class="ecxgmail_quote" style="border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div><div><div dir="ltr"><div><div>Dear all, <br><br></div>Today we had an attack. One of our
clients lost password to his SIP account. So with this password
attackers made calls on our client's behalf to very expensive
destinations. <br><br>We have Opensips as a border controller and
Freeswitch as a Softswitch. This phone was configured for 1 concurrent
line using module limit of FS. However they somehow managed to make
several concurrent calls per one account. On CDRs we found that there
was Attended transfer. Does anybody know what kind of attack was that
and how I can protect us against this? Is it sip refer attack when attacker set REFERRED BY HEADER?<br><br></div><div>When I check if limit works with a sipphone, I see that it worked 100%. <br></div><div><br></div>Thanks in advance <br clear="all"><br>-- <br><div dir="ltr">Kamil Nigmatullin<br>Tel: 77272323748<br>mob: 7 (707) 2517003<br>Skype: kamil.nigmatullin</div>
</div>
<br></div></div></blockquote></div>
</blockquote></div><br></div></div></div></div></div></div>
</blockquote>
<br><br>--Forwarded Message Attachment--<br>From: krice@freeswitch.org<br>To: freeswitch-users@lists.freeswitch.org<br>Date: Wed, 22 Oct 2014 02:11:14 +0000<br>Subject: [Freeswitch-users] FreeSWITCH.org Infrastructure Upgrades Nearing        Completion<br><br>New Post on freeswitch.org from krice387<br>
check it out at http://ift.tt/1yhZf5f<br>
FreeSWITCH.org Infrastructure Upgrades Nearing Completion<br>The FreeSWITCH Core Team has been working crazy hours since last Friday to upgrade all the servers that support FreeSWITCH.org!<BR>
At this time services such as jira, confluence, fisheye, stash and the G729 activation server are back to normal.<BR>
We are working to bring anything else we might have missed back online.<BR>
If you find something that’s broken please let us know.<BR>
If you wish to help sponsor this work hit the Donate button and leave us a note that it is to help with move expenses.<BR>
<br><br><br>--Forwarded Message Attachment--<br>From: kamil.nigmatullin@gmail.com<br>To: freeswitch-users@lists.freeswitch.org<br>Date: Wed, 22 Oct 2014 09:31:02 +0600<br>Subject: Re: [Freeswitch-users] (no subject)<br><br><div dir="ltr"><div>The password was lost by client. Not by brute force on other site and I definitely use fail2ban. That's not the issue. <br></div>I don't have any transfers within meta bind app. I think it was some kind of sip refer attack.<br></div><div class="ecxgmail_extra"><br><div class="ecxgmail_quote">2014-10-22 6:46 GMT+06:00 Steven Ayre <span dir="ltr"><<a href="mailto:steveayre@gmail.com" target="_blank">steveayre@gmail.com</a>></span>:<br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">Also do you know how the password was gained? If it was brute-forced look at implementing a secure password policy and using fail2ban to detect and block brute forcing attacks<div class="ecxHOEnZb"><div class="h5"><br><br>On Wednesday, October 22, 2014, Stanislav Sinyagin <<a href="mailto:ssinyagin@gmail.com" target="_blank">ssinyagin@gmail.com</a>> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;"><div dir="ltr"><div><div><div>(now on a normal keyboard)<br></div>Kamil, <br></div><br>when you use the "limit" application and increase the user's counter, it keeps its value only within the context where it was originally called. If you, for example, used pieces of the original (Vanilla) FreeSWITCH configuration, there are bind_meta_app bindings which send the call into another context ("features"). 
Once it's done, the user's limit counter is lost, and you need to increment it again in the new context.<br><br></div>Also, why don't you implement daily and monthly minute limits and block the user as soon as these limits are reached?<br><br><br><br><div><br> <br><div><br><div><div><div class="ecxgmail_extra"><br><div class="ecxgmail_quote">On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <span dir="ltr"><<a target="_blank">ssinyagin@gmail.com</a>></span> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px solid rgb(204,204,204);padding-left:1ex;"><p dir="ltr">Limit resets as soon as the call leaves the context - could that be the reason?</p>
<div class="ecxgmail_quote"><div><div>On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <<a target="_blank">kamil.nigmatullin@gmail.com</a>> wrote:<br></div></div><blockquote class="ecxgmail_quote" style="border-left:1px solid rgb(204,204,204);padding-left:1ex;"><div><div><div dir="ltr"><div><div>Dear all, <br><br></div>Today we had an attack. One of our
clients lost password to his SIP account. So with this password
attackers made calls on our client's behalf to very expensive
destinations. <br><br>We have Opensips as a border controller and
Freeswitch as a Softswitch. This phone was configured for 1 concurrent
line using module limit of FS. However they somehow managed to make
several concurrent calls per one account. On CDRs we found that there
was Attended transfer. Does anybody know what kind of attack was that
and how I can protect us against this? Is it sip refer attack when attacker set REFERRED BY HEADER?<br><br></div><div>When I check if limit works with a sipphone, I see that it worked 100%. <br></div><div><br></div>Thanks in advance <br clear="all"><br>-- <br><div dir="ltr">Kamil Nigmatullin<br>Tel: 77272323748<br>mob: 7 <a target="_blank">(707) 2517003</a><br>Skype: kamil.nigmatullin</div>
</div>
<br></div></div></blockquote></div>
</blockquote></div><br></div></div></div></div></div></div>
</blockquote>
</div></div><br></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">Kamil Nigmatullin<br>Tel: 77272323748<br>mob: 7 (707) 2517003<br>Skype: kamil.nigmatullin</div>
</div></div>                                            </div></body>
</html>