<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">The IPs seems not to be failing that’s why he’s able to receive calls. I am not sure if fail2ban would help much except to look into the logs what dial plan and context and from where the calls are coming in. Maybe there is a profile where auth-calls is false and calls are coming in from that profile. But again, without the log file, it’s not easy to help.</div> <br> <div id="bloop_sign_1419418376338827008" class="bloop_sign"><div style="font-family:helvetica,arial;font-size:13px">-- <br>Muhammad Naseer Bhatti<br></div></div> <div style="color:black"><br>From: <span style="color:black">David Villasmil Govea</span> <a href="mailto:david.villasmil@gmail.com"><david.villasmil@gmail.com></a><br>Reply: <span style="color:black">FreeSWITCH Users Help</span> <a href="mailto:freeswitch-users@lists.freeswitch.org"><freeswitch-users@lists.freeswitch.org>></a><br>Date: <span style="color:black">December 24, 2014 at 1:51:32 PM</span><br>To: <span style="color:black">FreeSWITCH Users Help</span> <a href="mailto:freeswitch-users@lists.freeswitch.org"><freeswitch-users@lists.freeswitch.org>></a><br>Subject: <span style="color:black"> Re: [Freeswitch-users] Receives call From Unknown Extensions <br></span></div><br> <blockquote type="cite" class="clean_bq"><span><div><div></div><div>
<title></title>
<p dir="ltr">Hello,</p>
<p dir="ltr">At the very least I would say need to install and
configure fail2ban urgently, it block ips which try to
authenticate and fail. This saves you from brute - force
attacks.</p>
<p dir="ltr">Regards,</p>
<p dir="ltr">David</p>
<div class="gmail_quote">On Dec 24, 2014 2:19 AM, "Luis Daniel
Lucio Quiroz" <<a href="mailto:luis.daniel.lucio@gmail.com">luis.daniel.lucio@gmail.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Dont worry, your are a target of a kiddy script. As you dont
use<br>
numeric extensions, they wont authenticate. And as you are
using<br>
multitenant, they should be targering the IP (as domain, for
example<br>
<a href="mailto:100@1.1.1.1">100@1.1.1.1</a>) instead
100@yourdomain. So they wont be able to<br>
authenticate (if multidomain is on).<br>
<br>
CDR will still show the failled call. Its normal, FS is reporting
a<br>
failed attempt.<br>
<br>
2014-12-22 17:55 GMT-05:00 Thomas Auge <<a href="mailto:auge@virtues.net">auge@virtues.net</a>>:<br>
> To eliminate the guessing, check the logs which route the
calls took through the system. It should contain the clues
you<br>
> need. You might need to up the log level a bit ...<br>
><br>
><br>
> On 22.12.2014 19:44, Lloyd Aloysius wrote:<br>
>> Fail2Ban is running in the system<br>
>><br>
>> I do not have any default dial plans or extensions.<br>
>><br>
>><br>
>><br>
>><br>
>><br>
>> On Mon, Dec 22, 2014 at 5:35 PM, Thomas Auge <<a href="mailto:auge@virtues.net">auge@virtues.net</a> <mailto:<a href="mailto:auge@virtues.net">auge@virtues.net</a>>> wrote:<br>
>><br>
>> Do you still have the external domain
enabled? I think it routes external calls matching a specific
number theme (<br>
>> ^(10[01][0-9])$ ) to the internal users
through the pre-installed dialplan. It listens on different ports
(5080/1).<br>
>> Config is in sip_profiles/external.xml
and dialplan/public.xml.<br>
>><br>
>> I see an insane amount of brute force
attempts against our PBX', so if there is a way to get anywhere,
you can expect<br>
>> people to try it - over and over and
over ... I can recommend fail2ban. :-)<br>
>><br>
>> Just guessing though, if I'm wrong,
someone more knowledgeable will probably chime in. :)<br>
>><br>
>><br>
>> On 22.12.2014 19:16, Lloyd Aloysius
wrote:<br>
>> > Hi All<br>
>> ><br>
>> > I have a multi domain
setup. We receive calls from unknown extensions (eg: 100 ,
101,1000,1007 etc ).But there is no<br>
>> > voice in it.<br>
>> ><br>
>> > We do not have any default
extensions in the system and all default extensions removed from
the system.<br>
>> ><br>
>> > Users are authenticated by
alphanumeric (like an email username) Eg: <a href="mailto:mike@mydomain.com">mike@mydomain.com</a>
<mailto:<a href="mailto:mike@mydomain.com">mike@mydomain.com</a>><br>
>> and passwords are very<br>
>> > complicated.<br>
>> ><br>
>> > How someone can call a user
without authentication from these extensions?<br>
>> ><br>
>> > Please let me know how to solve
this issue.<br>
>> ><br>
>> > Thanks Lloyd<br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> >
_________________________________________________________________________
Professional FreeSWITCH Consulting<br>
>> > Services: <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<mailto:<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
>> ><br>
>> > Official FreeSWITCH Sites
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
>> ><br>
>> > FreeSWITCH-users mailing list
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>><br>
>> > <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>> > UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>> ><br>
>><br>
>><br>
>>
_________________________________________________________________________<br>
>> Professional FreeSWITCH Consulting
Services:<br>
>> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<mailto:<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>><br>
>> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
>><br>
>> Official FreeSWITCH Sites<br>
>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
>> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
>><br>
>> FreeSWITCH-users mailing list<br>
>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>><br>
>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>><br>
>><br>
>><br>
>><br>
>>
_________________________________________________________________________<br>
>> Professional FreeSWITCH Consulting Services:<br>
>> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
>> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
>><br>
>> Official FreeSWITCH Sites<br>
>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
>> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
>><br>
>> FreeSWITCH-users mailing list<br>
>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>><br>
><br>
><br>
>
_________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote>
</div>
_________________________________________________________________________
<br>Professional FreeSWITCH Consulting Services:
<br>consulting@freeswitch.org
<br>http://www.freeswitchsolutions.com
<br>
<br>Official FreeSWITCH Sites
<br>http://www.freeswitch.org
<br>http://confluence.freeswitch.org
<br>http://www.cluecon.com
<br>
<br>FreeSWITCH-users mailing list
<br>FreeSWITCH-users@lists.freeswitch.org
<br>http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
<br>UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
<br>http://www.freeswitch.org</div></div></span></blockquote></body></html>