
<div dir="ltr">I actually did that on purpose, so if you disable auth on internal you don't accidentally open ourself up for fraud.<div><br></div><div>/b</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 26, 2018 at 1:35 PM, Bilal Abbasi <span dir="ltr"><<a href="mailto:bilaln018@gmail.com" target="_blank">bilaln018@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="auto">Brain,</div><div dir="auto">Thanks alot, it was exactly as you said, i was infact even more wondering that why call on internal sip profile goes on public context, anyway its clear now.</div><div dir="auto">thank you everyone for such quick responses, highly appretiated.</div><div dir="auto"><br></div><div dir="auto">Regards</div><span class="HOEnZb"><font color="#888888"><div dir="auto">Abbasi</div></font></span><div><div class="h5"><br><div class="gmail_quote"><div>On Sat, 27 Jan 2018 at 12:20 AM, Abaci B <<a href="mailto:abaci64@gmail.com" target="_blank">abaci64@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Are you by chance using xml_curl or some other dynamic method to generate the users?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 26, 2018 at 2:14 PM, Bilal Abbasi <span><<a href="mailto:bilaln018@gmail.com" target="_blank">bilaln018@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>"default" is the ONLY user that gets register with any password(i tried from my own softphone), if i try any valid user like 1000,1001 i am not able to register.</div><div class="m_-4869921437516914949m_2972803746846490564HOEnZb"><div class="m_-4869921437516914949m_2972803746846490564h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jan 27, 2018 at 12:08 AM, Bilal Abbasi <span><<a href="mailto:bilaln018@gmail.com" target="_blank">bilaln018@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Here is the sngrep screen shot, i guess if i did the blind accept, it should not reply back with 401(just assumption)</div><div class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922HOEnZb"><div class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jan 27, 2018 at 12:03 AM, Bilal Abbasi <span><<a href="mailto:bilaln018@gmail.com" target="_blank">bilaln018@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Yes it's challenging auth, and after auth whatever password is configured on softphone it sends 200OK.<div>and i have </div><div><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s1" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(244,244,244)"> </span><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s2" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(52,187,200)"><param </span><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s3" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(52,188,38)">name</span><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s1" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(244,244,244)">=</span><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s4" style="color:rgb(195,55,32);font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures">"accept-blind-reg"</span><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s2" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(52,187,200)"> </span><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s3" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(52,188,38)">value</span><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s1" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(244,244,244)">=</span><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s4" style="color:rgb(195,55,32);font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures">"false"</span><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244gmail-s2" style="font-family:Monaco;font-size:10px;font-variant-ligatures:no-common-ligatures;color:rgb(52,187,200)">/></span></div>


</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330h5">On Sat, Jan 27, 2018 at 12:00 AM, Michael Jerris <span><<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330h5"><div style="word-wrap:break-word">is it challenging for auth or no?  maybe you have blind reg turned on? <span><div><br><div><blockquote type="cite"><div>On Jan 26, 2018, at 1:41 PM, Bilal Abbasi <<a href="mailto:bilaln018@gmail.com" target="_blank">bilaln018@gmail.com</a>> wrote:</div><br class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244m_-8495716828034092378Apple-interchange-newline"><div><div>Hi Users,<div>I am using FreeSWITCH<span style="background-color:rgb(255,255,255)"><font> <font face="arial, helvetica, sans-serif"><span style="font-variant-ligatures:no-common-ligatures">Version 1.6.19 git c540248</span><span class="m_-4869921437516914949m_2972803746846490564m_3460098239711960922m_2038638445344449330m_3650668160651168244m_-8495716828034092378gmail-Apple-converted-space" style="font-variant-ligatures:no-common-ligatures"> .</span></font></font></span></div><div>today i noticed very weird issue, that i am getting an attack on one of my dev servers, that somebody is trying to make calls out of the box.</div><div>And he is able to register the phone via "default" username(check via sngrep), i am using complex password and there is NO USER with name "DEFAULT" on my switch.</div><div>I tried to register the default user with any random password and it allowed me to register on my softphone.</div><div>I am really worried, and i can't believe that it's something at FS end.</div><div>I am sure its some mistake, can somebody help me out please.</div></div></div></blockquote></div><br></div></span></div><br></div></div><span>______________________________<wbr>______________________________<wbr>_____________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>

<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></span></blockquote></div><br></div>

</blockquote></div><br></div>

</div></div></blockquote></div><br></div>

</div></div><br>______________________________<wbr>______________________________<wbr>_____________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>

<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>

______________________________<wbr>______________________________<wbr>_____________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>

<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a></blockquote></div></div></div></div>

<br>______________________________<wbr>______________________________<wbr>_____________<br>

Professional FreeSWITCH Consulting Services:<br>

<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>

<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>

<br>

Official FreeSWITCH Sites<br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>

<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>

<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>

<br>

FreeSWITCH-users mailing list<br>

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>

<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div style="font-size:12.8px"><font color="#000000"><img src="https://docs.google.com/uc?export=download&id=1xswZRZyVDo0WQhaemK47pU266yzDRmi0&revid=0B2xnT7i45ngrMTVKM1dpSHZIN28zU0QzbW9xeVF6RXFyRHhBPQ"><br></font></div><div style="font-size:12.8px"><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Brian West | Co-founder and Developer</font></span></p><p style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Need Commercial support? email <a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a> </font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">FreeSWITCH Solutions | <a href="https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g" style="color:rgb(17,85,204)" target="_blank">17345 Civic Drive #2531 Brookfield, WI 53045</a></font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><font color="#000000"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Email: </span><span style="color:rgb(17,85,204);font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="mailto:brian@freeswitch.com" target="_blank">brian@freeswitch.com</a></span></font></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Mobile: 918-424-9378</font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><font color="#000000"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Website: </span><a href="https://www.freeswitch.com/" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">https://www.FreeSWITCH.com</span></a></font></p><p dir="ltr" style="font-size:12.8px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><font color="#000000"><a href="https://www.facebook.com/freeswitch/" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:11pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><img src="https://lh6.googleusercontent.com/l9_7QxvYIM4pcdS6eXAkIOZKqHnR2mYmt879_LZ93jSG-uGqOLzO0KVlBzTnPxn7QwU7I0Ednhi0MT_4nRGSobPt4f-LXMWr891Agu25Mvx-AD3k45rf6vUBquJW8NMPkHb_DBaK" width="23" height="23" alt="color-facebook-96.png" style="border:none"></span></a><span style="font-size:11pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="https://twitter.com/freeswitch?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor" style="color:rgb(17,85,204)" target="_blank"><img src="https://lh5.googleusercontent.com/_iuGyx4UVI8fg3j3y7xgK6SX7BeTVYO7CLvH29tkkdgRnugoB6Ry39J5IcLdAKinOWuYrprkLisaB8sxMNrHgXAaHBy-GC1510iJrNIwBP5bCM_LGbOisxBTgao6yWITZ4lgQZVD" width="23" height="23" alt="color-twitter-96.png" style="border:none"></a></span></font></p></div></div></div></div></div></div></div></div></div></div></div></div>

</div>