<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">The IPs seems not to be failing that’s why he’s able to receive calls. I am not sure if fail2ban would help much except to look into the logs what dial plan and context and from where the calls are coming in. Maybe there is a profile where auth-calls is false and calls are coming in from that profile. But again, without the log file, it’s not easy to help.</div> <br> <div id="bloop_sign_1419418376338827008" class="bloop_sign"><div style="font-family:helvetica,arial;font-size:13px">--&nbsp;<br>Muhammad Naseer Bhatti<br></div></div> <div style="color:black"><br>From:&nbsp;<span style="color:black">David Villasmil Govea</span> <a href="mailto:david.villasmil@gmail.com">&lt;david.villasmil@gmail.com&gt;</a><br>Reply:&nbsp;<span style="color:black">FreeSWITCH Users Help</span> <a href="mailto:freeswitch-users@lists.freeswitch.org">&lt;freeswitch-users@lists.freeswitch.org&gt;&gt;</a><br>Date:&nbsp;<span style="color:black">December 24, 2014 at 1:51:32 PM</span><br>To:&nbsp;<span style="color:black">FreeSWITCH Users Help</span> <a href="mailto:freeswitch-users@lists.freeswitch.org">&lt;freeswitch-users@lists.freeswitch.org&gt;&gt;</a><br>Subject:&nbsp;<span style="color:black"> Re: [Freeswitch-users] Receives call From Unknown Extensions <br></span></div><br> <blockquote type="cite" class="clean_bq"><span><div><div></div><div>


<title></title>


<p dir="ltr">Hello,</p>
<p dir="ltr">At the very least I would say need to install and
configure fail2ban urgently,&nbsp; it block ips which try to
authenticate and fail. This saves you from brute - force
attacks.</p>
<p dir="ltr">Regards,</p>
<p dir="ltr">David</p>
<div class="gmail_quote">On Dec 24, 2014 2:19 AM, "Luis Daniel
Lucio Quiroz" &lt;<a href="mailto:luis.daniel.lucio@gmail.com">luis.daniel.lucio@gmail.com</a>&gt;
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Dont worry, your are a target of a kiddy script. As you dont
use<br>
numeric extensions, they wont authenticate.&nbsp; And as you are
using<br>
multitenant, they should be targering the IP (as domain, for
example<br>
<a href="mailto:100@1.1.1.1">100@1.1.1.1</a>) instead
100@yourdomain.&nbsp; So they wont be able to<br>
authenticate (if multidomain is on).<br>
<br>
CDR will still show the failled call. Its normal, FS is reporting
a<br>
failed attempt.<br>
<br>
2014-12-22 17:55 GMT-05:00 Thomas Auge &lt;<a href="mailto:auge@virtues.net">auge@virtues.net</a>&gt;:<br>
&gt; To eliminate the guessing, check the logs which route the
calls took through the system. It should contain the clues
you<br>
&gt; need. You might need to up the log level a bit ...<br>
&gt;<br>
&gt;<br>
&gt; On 22.12.2014 19:44, Lloyd Aloysius wrote:<br>
&gt;&gt; Fail2Ban is running in the system<br>
&gt;&gt;<br>
&gt;&gt; I do not have any default dial plans or extensions.<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; On Mon, Dec 22, 2014 at 5:35 PM, Thomas Auge &lt;<a href="mailto:auge@virtues.net">auge@virtues.net</a> &lt;mailto:<a href="mailto:auge@virtues.net">auge@virtues.net</a>&gt;&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;Do you still have the external domain
enabled? I think it routes external calls matching a specific
number theme (<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;^(10[01][0-9])$ ) to the internal users
through the pre-installed dialplan. It listens on different ports
(5080/1).<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;Config is in sip_profiles/external.xml
and dialplan/public.xml.<br>
&gt;&gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;I see an insane amount of brute force
attempts against our PBX', so if there is a way to get anywhere,
you can expect<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;people to try it - over and over and
over ... I can recommend fail2ban. :-)<br>
&gt;&gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;Just guessing though, if I'm wrong,
someone more knowledgeable will probably chime in. :)<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;On 22.12.2014 19:16, Lloyd Aloysius
wrote:<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; Hi All<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; I have a&nbsp; multi domain
setup. We receive calls from unknown extensions (eg: 100 ,
101,1000,1007 etc ).But there is no<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;&nbsp; voice in it.<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; We do not have any default
extensions in the system and all default extensions removed from
the system.<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; Users are authenticated by
alphanumeric (like an email username) Eg: <a href="mailto:mike@mydomain.com">mike@mydomain.com</a>
&lt;mailto:<a href="mailto:mike@mydomain.com">mike@mydomain.com</a>&gt;<br>

&gt;&gt;&nbsp; &nbsp; &nbsp;and passwords are very<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; complicated.<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; How someone can call a user
without authentication from these extensions?<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; Please let me know how to solve
this issue.<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; Thanks Lloyd<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;
_________________________________________________________________________
Professional FreeSWITCH Consulting<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; Services: <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
&lt;mailto:<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>&gt;
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; Official FreeSWITCH Sites
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; FreeSWITCH-users mailing list
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
&lt;mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>&gt;<br>

&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

&gt;&gt;&nbsp; &nbsp; &nbsp; &gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt;&gt;&nbsp; &nbsp; &nbsp; &gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;&nbsp; &nbsp;
&nbsp;_________________________________________________________________________<br>

&gt;&gt;&nbsp; &nbsp; &nbsp;Professional FreeSWITCH Consulting
Services:<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
&lt;mailto:<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>&gt;<br>

&gt;&gt;&nbsp; &nbsp; &nbsp;<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
&gt;&gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;Official FreeSWITCH Sites<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt;&gt;&nbsp; &nbsp; &nbsp;<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
&gt;&gt;&nbsp; &nbsp; &nbsp;<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
&gt;&gt;<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;FreeSWITCH-users mailing list<br>
&gt;&gt;&nbsp; &nbsp; &nbsp;<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
&lt;mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>&gt;<br>

&gt;&gt;&nbsp; &nbsp; &nbsp;<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

&gt;&gt;&nbsp; &nbsp; &nbsp;UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

&gt;&gt;&nbsp; &nbsp; &nbsp;<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;
_________________________________________________________________________<br>

&gt;&gt; Professional FreeSWITCH Consulting Services:<br>
&gt;&gt; <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>

&gt;&gt; <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
&gt;&gt;<br>
&gt;&gt; Official FreeSWITCH Sites<br>
&gt;&gt; <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt;&gt; <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
&gt;&gt; <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
&gt;&gt;<br>
&gt;&gt; FreeSWITCH-users mailing list<br>
&gt;&gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>

&gt;&gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

&gt;&gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

&gt;&gt; <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt;&gt;<br>
&gt;<br>
&gt;<br>
&gt;
_________________________________________________________________________<br>

&gt; Professional FreeSWITCH Consulting Services:<br>
&gt; <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>

&gt; <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
&gt;<br>
&gt; Official FreeSWITCH Sites<br>
&gt; <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
&gt; <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
&gt; <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
&gt;<br>
&gt; FreeSWITCH-users mailing list<br>
&gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>

&gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

&gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

&gt; <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
_________________________________________________________________________<br>

Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote>
</div>


_________________________________________________________________________
<br>Professional FreeSWITCH Consulting Services:  
<br>consulting@freeswitch.org
<br>http://www.freeswitchsolutions.com
<br>
<br>Official FreeSWITCH Sites
<br>http://www.freeswitch.org
<br>http://confluence.freeswitch.org
<br>http://www.cluecon.com
<br>
<br>FreeSWITCH-users mailing list
<br>FreeSWITCH-users@lists.freeswitch.org
<br>http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
<br>UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
<br>http://www.freeswitch.org</div></div></span></blockquote></body></html>