<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="" style="margin: 0px;">I face the same a while ago and after some analysts and investigations I applied the below solution which fixes my problem</div><div class="" style="margin: 0px;"><br class=""></div><div class="" style="margin: 0px;"><br class=""></div><div class="" style="margin: 0px;">I did a simple change to the external sip profile which resolved the issue from my point of view.</div><div class="" style="margin: 0px;"><br class=""></div><div class="" style="margin: 0px;">what I did is I add the below line to the external sip profile, which inform it to valid any request from external system against ACL list.</div><div class="" style="margin: 0px;"><font color="#38571a" class=""><br class=""></font></div><div class="" style="margin: 0px;"><font color="#38571a" class=""><span class="" style="font-family: -apple-system-font; line-height: 16px;">&lt;param&nbsp;</span><span class="" style="font-family: -apple-system-font; line-height: 16px;">name</span><span class="" style="font-family: -apple-system-font; line-height: 16px;">=</span><span class="" style="font-family: -apple-system-font; line-height: 16px;">"apply-inbound-acl"</span><span class="" style="font-family: -apple-system-font; line-height: 16px;">&nbsp;</span><span class="" style="font-family: -apple-system-font; line-height: 16px;">value</span><span class="" style="font-family: -apple-system-font; line-height: 16px;">=</span><span class="" style="font-family: -apple-system-font; line-height: 16px;">"domains”</span><span class="" style="font-family: -apple-system-font; line-height: 16px;">/&gt;</span></font></div><div><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class=""><br class=""></div><div class=""><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">From: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">Anthony Minessale &lt;<a href="mailto:anthony.minessale@gmail.com" class="">anthony.minessale@gmail.com</a>&gt;<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Subject: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><b class="">Re: [Freeswitch-users] Security issue</b><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Date: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">August 15, 2015 at 5:12:55 PM GMT+3<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">FreeSWITCH Users Help &lt;<a href="mailto:freeswitch-users@lists.freeswitch.org" class="">freeswitch-users@lists.freeswitch.org</a>&gt;<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Reply-To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">FreeSWITCH Users Help &lt;<a href="mailto:freeswitch-users@lists.freeswitch.org" class="">freeswitch-users@lists.freeswitch.org</a>&gt;<br class=""></span></div><br class=""><br class="">The public context is unauthentecared that is why its called public.&nbsp; Only public facing extensions should be defined there.<span class=""></span><div class=""><br class=""></div><div class="">The example configs are only a suggestion on how to run your server.&nbsp; The best approach is to learn how the sofia profiles and contexts work to configure it to your needs.<br class=""><br class="">On Saturday, August 15, 2015, Sergey Safarov &lt;<a href="mailto:s.safarov@gmail.com" class="">s.safarov@gmail.com</a>&gt; wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">1) Output network_ip of received INVITE with appropriate comment like "Block for one day ip x.x.x.x"<div class="">2) Add fail2ban rule to search strings like "Block for one day ip x.x.x.x" and block ip</div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Sat, Aug 15, 2015 at 12:18 PM, Nikolay Zaytsev <span dir="ltr" class="">&lt;<a href="javascript:_e(%7B%7D,'cvml','nzaytsevc@gmail.com');" target="_blank" class="">nzaytsevc@gmail.com</a>&gt;</span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">Hi,all)<div class="">I have the freeswitch on public ip with set up fail2ban.</div><div class="">However, there is an external invites which proceed to dialplan's context public.</div><div class="">How can I defend my freeswitch from such attaks?</div><div class="">The log of such attack is in the attachment.</div><div class="">Bets Regards,</div><div class="">Nikolay Zaytsev&nbsp;</div></div>
<br class="">_________________________________________________________________________<br class="">
Professional FreeSWITCH Consulting Services:<br class="">
<a href="javascript:_e(%7B%7D,'cvml','consulting@freeswitch.org');" target="_blank" class="">consulting@freeswitch.org</a><br class="">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class="">
<br class="">
Official FreeSWITCH Sites<br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.org</a><br class="">
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
<br class="">
FreeSWITCH-users mailing list<br class="">
<a href="javascript:_e(%7B%7D,'cvml','FreeSWITCH-users@lists.freeswitch.org');" target="_blank" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class="">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class=""></blockquote></div><br class=""></div>
</blockquote></div><br class=""><br class="">-- <br class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class="">Anthony Minessale II &nbsp; &nbsp; &nbsp; ♬ @anthmfs&nbsp;&nbsp;♬ @FreeSWITCH&nbsp;&nbsp;♬<div class=""><br class=""><div class="">☞ <a href="http://freeswitch.org/" target="_blank" class="">http://freeswitch.org/</a> &nbsp;☞ <a href="http://cluecon.com/" target="_blank" class="">http://cluecon.com/</a> &nbsp;☞ <a href="http://twitter.com/FreeSWITCH" target="_blank" class="">http://twitter.com/FreeSWITCH</a></div><div class=""><div class="">☞ <a href="http://irc.freenode.net/" target="_blank" class="">irc.freenode.net</a> #freeswitch&nbsp;☞ <u class=""><a href="http://freeswitch.org/g+" target="_blank" class="">http://freeswitch.org/g+</a></u><br class=""><br class=""></div><div class="">ClueCon Weekly Development Call&nbsp;<br class=""></div><div class="">☎&nbsp;<a href="mailto:sip%3A888@conference.freeswitch.org" target="_blank" class="">sip:888@conference.freeswitch.org</a> &nbsp;☎ +19193869900&nbsp;</div><div class=""><br class=""></div></div></div><div class=""><a href="https://www.youtube.com/watch?v=9XXgW34t40s" style="color:rgb(17,85,204);font-size:12.8000001907349px" target="_blank" class="">https://www.youtube.com/watch?v=9XXgW34t40s</a></div><div class=""><a href="https://www.youtube.com/watch?v=NLaDpGQuZDA" target="_blank" class="">https://www.youtube.com/watch?v=NLaDpGQuZDA</a><br class=""></div></div></div></div></div></div><br class="">
<br class=""><br class=""><br class=""><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">From: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">Giovanni Maruzzelli &lt;<a href="mailto:gmaruzz@gmail.com" class="">gmaruzz@gmail.com</a>&gt;<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Subject: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><b class="">Re: [Freeswitch-users] Security issue</b><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Date: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">August 15, 2015 at 5:22:47 PM GMT+3<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">FreeSWITCH Users Help &lt;<a href="mailto:freeswitch-users@lists.freeswitch.org" class="">freeswitch-users@lists.freeswitch.org</a>&gt;<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Reply-To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">FreeSWITCH Users Help &lt;<a href="mailto:freeswitch-users@lists.freeswitch.org" class="">freeswitch-users@lists.freeswitch.org</a>&gt;<br class=""></span></div><br class=""><br class=""><p dir="ltr" class="">An external invite in default config go to the public context. That is the expected and correct behavior, in default config.</p><p dir="ltr" class="">Eg: is where the incoming did calls would go, and then (in default config) are dispatched to local extensions (1000...1020).</p><p dir="ltr" class="">Obviously, you can change the config to fit your needs.</p><p dir="ltr" class="">-giovanni</p><p dir="ltr" class="">sent from my mobile,<br class="">
Giovanni Maruzzelli<br class="">
cell: +39 347 266 56 18</p>
<div class="gmail_quote">On Aug 15, 2015 4:14 PM, "Anthony Minessale" &lt;<a href="mailto:anthony.minessale@gmail.com" class="">anthony.minessale@gmail.com</a>&gt; wrote:<br type="attribution" class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The public context is unauthentecared that is why its called public.&nbsp; Only public facing extensions should be defined there.<span class=""></span><div class=""><br class=""></div><div class="">The example configs are only a suggestion on how to run your server.&nbsp; The best approach is to learn how the sofia profiles and contexts work to configure it to your needs.<br class=""><br class="">On Saturday, August 15, 2015, Sergey Safarov &lt;<a href="mailto:s.safarov@gmail.com" target="_blank" class="">s.safarov@gmail.com</a>&gt; wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">1) Output network_ip of received INVITE with appropriate comment like "Block for one day ip x.x.x.x"<div class="">2) Add fail2ban rule to search strings like "Block for one day ip x.x.x.x" and block ip</div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Sat, Aug 15, 2015 at 12:18 PM, Nikolay Zaytsev <span dir="ltr" class="">&lt;<a class="">nzaytsevc@gmail.com</a>&gt;</span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">Hi,all)<div class="">I have the freeswitch on public ip with set up fail2ban.</div><div class="">However, there is an external invites which proceed to dialplan's context public.</div><div class="">How can I defend my freeswitch from such attaks?</div><div class="">The log of such attack is in the attachment.</div><div class="">Bets Regards,</div><div class="">Nikolay Zaytsev&nbsp;</div></div>
<br class="">_________________________________________________________________________<br class="">
Professional FreeSWITCH Consulting Services:<br class="">
<a class="">consulting@freeswitch.org</a><br class="">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class="">
<br class="">
Official FreeSWITCH Sites<br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.org</a><br class="">
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
<br class="">
FreeSWITCH-users mailing list<br class="">
<a class="">FreeSWITCH-users@lists.freeswitch.org</a><br class="">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class=""></blockquote></div><br class=""></div>
</blockquote></div><br class=""><br class="">-- <br class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class="">Anthony Minessale II &nbsp; &nbsp; &nbsp; ♬ @anthmfs&nbsp;&nbsp;♬ @FreeSWITCH&nbsp;&nbsp;♬<div class=""><br class=""><div class="">☞ <a href="http://freeswitch.org/" target="_blank" class="">http://freeswitch.org/</a> &nbsp;☞ <a href="http://cluecon.com/" target="_blank" class="">http://cluecon.com/</a> &nbsp;☞ <a href="http://twitter.com/FreeSWITCH" target="_blank" class="">http://twitter.com/FreeSWITCH</a></div><div class=""><div class="">☞ <a href="http://irc.freenode.net/" target="_blank" class="">irc.freenode.net</a> #freeswitch&nbsp;☞ <u class=""><a href="http://freeswitch.org/g+" target="_blank" class="">http://freeswitch.org/g+</a></u><br class=""><br class=""></div><div class="">ClueCon Weekly Development Call&nbsp;<br class=""></div><div class="">☎&nbsp;<a href="mailto:sip%3A888@conference.freeswitch.org" target="_blank" class="">sip:888@conference.freeswitch.org</a> &nbsp;☎ <a href="tel:%2B19193869900" value="+19193869900" target="_blank" class="">+19193869900</a>&nbsp;</div><div class=""><br class=""></div></div></div><div class=""><a href="https://www.youtube.com/watch?v=9XXgW34t40s" style="color:rgb(17,85,204);font-size:12.8000001907349px" target="_blank" class="">https://www.youtube.com/watch?v=9XXgW34t40s</a></div><div class=""><a href="https://www.youtube.com/watch?v=NLaDpGQuZDA" target="_blank" class="">https://www.youtube.com/watch?v=NLaDpGQuZDA</a><br class=""></div></div></div></div></div></div><br class="">
<br class="">_________________________________________________________________________<br class="">
Professional FreeSWITCH Consulting Services:<br class="">
<a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class="">
<br class="">
Official FreeSWITCH Sites<br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.org</a><br class="">
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
<br class="">
FreeSWITCH-users mailing list<br class="">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class="">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class=""></blockquote></div>
<br class=""><br class=""></div></blockquote></div><br class=""></body></html>