[Freeswitch-users] freeswitch hack

Michael Collins msc at freeswitch.org
Sat Feb 23 00:19:10 MSK 2013


They can't auth with a username that does not exist. The best they can do
is try to guess user names and passwords. That's where Ken's best practices
are quite useful.

-MC

On Wed, Feb 20, 2013 at 10:35 PM, Mario Karakanovski <mario at ims.bg> wrote:

> In my situation all calls are rejected, but I think it is because they
> are authenticated with an invalid username.
>
> My concern is how one can authenticate in freeswitch with a user that does
> not exist and was never configured. I was not able to reproduce that.
>
> What I found so far: they use a couple of IPs. They send OPTIONS (only one
> time) during the day and start trying at night. They tried a maximum of
> 100 calls.
>
> I am still waiting to log some packets.
>
> Mario
>
>  ------------------------------
>
> *From:* freeswitch-users-bounces at lists.freeswitch.org [mailto:
> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Michael
> Collins
> *Sent:* Wednesday, February 20, 2013 10:41 PM
> *To:* FreeSWITCH Users Help
> *Subject:* Re: [Freeswitch-users] freeswitch hack
>
> Aren't they supposed to be rejected?
>
> On Wed, Feb 20, 2013 at 11:19 AM, Blake Priddy <bpriddy at bryantschools.org>
> wrote:
>
> I have also had the situation that they are calls getting rejected.
>
> On Wed, Feb 20, 2013 at 11:08 AM, Michael Collins <msc at freeswitch.org>
> wrote:
>
> On Wed, Feb 20, 2013 at 1:53 AM, Mario Karakanovski <mario at ims.bg> wrote:
>
> Thanks Ken,
>
> It is helpful, but I still think there is some security issue. I’ve
> double-checked the configuration. I’ve tried to reproduce the issue by
> trying to make a direct call (TCP and UDP) or authenticate with an invalid
> user, but everything works as expected – calls/authentication were rejected.
> I’ve decided to log the traffic – maybe I will be able to see where the
> problem is.
>
> What "security issue"? You said that they cannot make calls with the
> passwords that they've guessed, correct? About the only thing left to do is
> set up fail2ban <http://wiki.freeswitch.org/wiki/Fail2ban> and just shut
> the door on them when they fail too many times.
>
> -Michael
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
> --
>
> *Blakelund Priddy*
>
> Network Systems Engineer
> Bryant Public School District
> Bryant, Arkansas 72022
> http://www.bryantschools.org
>
> p 501-653-5038
> f 501-847-5656
>
>
> --
> Michael S Collins
> Twitter: @mercutioviz
> http://www.FreeSWITCH.org
> http://www.ClueCon.com
> http://www.OSTAG.org
>


-- 
Michael S Collins
Twitter: @mercutioviz
http://www.FreeSWITCH.org
http://www.ClueCon.com
http://www.OSTAG.org
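
Added example (not part of the original thread, and not FreeSWITCH or fail2ban code): the "shut the door when they fail too many times" idea from the message above, as a small log scan that counts SIP auth failures per source IP in a sliding window and lists the usernames each source guessed. The log line shape, the function name find_offenders and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed shape of mod_sofia's auth-failure warning; check it against your own log.
AUTH_FAIL = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \[WARNING\] sofia_reg\.c:\d+ "
    r"SIP auth failure \((?:REGISTER|INVITE)\) on sofia profile '[^']+' "
    r"for \[(?P<user>[^@\]]*)@[^\]]*\] from ip (?P<ip>\S+)$"
)

def find_offenders(lines, maxretry=3, findtime=600):
    """Map each IP with >= maxretry auth failures inside a findtime-second
    window to the sorted usernames it tried (fail2ban-style thresholds)."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    tried = defaultdict(set)     # ip -> every username seen in a failure
    offenders = set()
    for line in lines:
        m = AUTH_FAIL.match(line.strip())
        if not m:
            continue             # "auth challenge" lines are normal digest traffic
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        tried[m["ip"]].add(m["user"])
        while ts - q[0] > timedelta(seconds=findtime):
            q.popleft()          # drop failures older than the window
        if len(q) >= maxretry:
            offenders.add(m["ip"])
    return {ip: sorted(tried[ip]) for ip in offenders}

# Constructed sample log lines (documentation address ranges), not from the thread.
SAMPLE_LOG = """\
2013-02-20 09:00:00.000001 [WARNING] sofia_reg.c:1478 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@pbx.example.com] from ip 203.0.113.9
2013-02-20 09:20:00.000001 [WARNING] sofia_reg.c:1478 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@pbx.example.com] from ip 203.0.113.9
2013-02-20 09:40:00.000001 [WARNING] sofia_reg.c:1478 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@pbx.example.com] from ip 203.0.113.9
2013-02-20 23:01:07.100000 [WARNING] sofia_reg.c:1478 SIP auth challenge (REGISTER) on sofia profile 'internal' for [1002@pbx.example.com] from ip 192.0.2.10
2013-02-20 23:01:08.100000 [WARNING] sofia_reg.c:1478 SIP auth failure (INVITE) on sofia profile 'internal' for [100@pbx.example.com] from ip 198.51.100.7
2013-02-20 23:01:09.100000 [WARNING] sofia_reg.c:1478 SIP auth failure (INVITE) on sofia profile 'internal' for [101@pbx.example.com] from ip 198.51.100.7
2013-02-20 23:01:11.100000 [WARNING] sofia_reg.c:1478 SIP auth failure (INVITE) on sofia profile 'internal' for [admin@pbx.example.com] from ip 198.51.100.7
""".splitlines()

if __name__ == "__main__":
    for ip, users in sorted(find_offenders(SAMPLE_LOG).items()):
        print(ip, "exceeded the failure threshold; usernames tried:", users)
```

With the default 600-second window only the source cycling through usernames is flagged; the phone that mistypes a password three times across forty minutes is not.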