[Freeswitch-users] freeswitch hack

Steven Ayre steveayre at gmail.com
Wed Feb 20 11:14:50 MSK 2013


Not unusual at all, and not even clever... there are lots of bots that
just randomly search the net for IP addresses that're open to allowing
calls.

First, are you sure the profile is actually requiring authentication
(a simple packet trace will reveal that - the first INVITE should get
a 401 reply).

Second, do you have blind auth enabled, in which case it'd be
accepting any username/password?

Third, are they getting authenticated via an ACL or user CIDR?

Finally, is it possible that you're loading CDRs for calls which have
been rejected?

-Steve




On 20 February 2013 07:28, Mario Karakanovski <mario at ims.bg> wrote:
> Hi all,
>
>         For some days I have noticed that somebody was able to register to my
> freeswitch and is trying to call international numbers. The attack is very
> clever, as the hacker logs in at night, tries to call an international number
> 10-15 times while changing the prefix, and goes away.
>
> The sip profile is connected directly to the internet and requires
> authentication:
>         auth-calls = true
>         auth-all-packets = true
>
> There is no IP filtering as the service does not allow setting any.
> The firewall blocks all ports except TCP and UDP 5060 and the required UDP media
> ports. The authentication is made by directory.
> What I wonder is how one can authenticate with an extension that does not exist
> and is not described anywhere.
>
> Can it be some security issue with freeswitch? Any ideas how to solve the
> problem?
>
> Regards,
>         Mario
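
As an added example (not part of the thread and not FreeSWITCH project code), the blind-auth and ACL/CIDR questions in the reply above can be checked against the configuration itself. The XML samples and the `example.invalid` domain are constructed; `accept-blind-auth`, `accept-blind-reg`, `apply-inbound-acl`, `apply-register-acl` and the user `cidr` attribute are FreeSWITCH settings that the thread does not quote, and the set of truthy spellings is a simplifying assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a sofia profile and a directory fragment (not from the post).
PROFILE_XML = """<profile name="public">
  <settings>
    <param name="auth-calls" value="true"/>
    <param name="auth-all-packets" value="true"/>
    <param name="accept-blind-auth" value="true"/>
    <param name="apply-inbound-acl" value="trusted_peers"/>
  </settings>
</profile>"""

DIRECTORY_XML = """<domain name="example.invalid">
  <user id="1000"><params><param name="password" value="x"/></params></user>
  <user id="1001" cidr="0.0.0.0/0"/>
</domain>"""

# Assumption: a simplified set of the spellings treated as "true".
TRUE = {"true", "yes", "on", "1"}

def audit_profile(xml_text):
    """Return findings for settings that let an INVITE or REGISTER skip digest auth."""
    root = ET.fromstring(xml_text)
    params = {p.get("name"): p.get("value", "") for p in root.iter("param")}
    findings = []
    if params.get("auth-calls", "").lower() not in TRUE:
        findings.append("auth-calls is not set to true: INVITEs may not be challenged")
    for name in ("accept-blind-auth", "accept-blind-reg"):
        if params.get(name, "").lower() in TRUE:
            findings.append(f"{name} is enabled: any username/password is accepted")
    for name in ("apply-inbound-acl", "apply-register-acl"):
        if name in params:
            findings.append(f"{name}={params[name]}: matching source IPs skip auth")
    return findings

def audit_directory(xml_text):
    """Return findings for users that are authenticated by source address (cidr)."""
    root = ET.fromstring(xml_text)
    return [f"user {u.get('id')} has cidr={u.get('cidr')}: auth by source IP"
            for u in root.iter("user") if u.get("cidr")]

if __name__ == "__main__":
    for line in audit_profile(PROFILE_XML) + audit_directory(DIRECTORY_XML):
        print("CHECK:", line)
```

Each finding is a prompt to review, not proof of compromise: an ACL or `cidr` entry is fine when it covers only addresses you control.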


