[Freeswitch-users] remove in local SDP word FREESWITCH

Dmitry Lysenko dvl36.ripe.nick at gmail.com
Mon Jun 24 09:55:37 MSD 2013


I mean overall botnet resources, not the hacker's PC. ) Hackers that have
really large botnet may hack everything with login/password security.
The more resources controllable botnet has, the faster the result will be
achieved.
But knowing exactly which software running on target system may reduce
complexity of attack, and accordingly resources required, by times.
Dmitry.


2013/6/24 Ken Rice <krice at freeswitch.org>

>  The bruteforce approach doesn’t really require that much bandwidth at
> all on the part of the original attacker, IDK how many hosts per day I see
> scanning my networks on my honey pots and I would guess that most of them
> are rooted machines... Add this type of functionality to a botnet (we’ve
> already seen sipvicious being deployed as part of a botnet toolkit) and the
> attackers bandwidth is little more then an IRC channel for C&C and PMs
> reporting the exploitable/exploited machines...
>
> This type of thing is nothing new... Distributed Scanning was pioneered in
> the late 90s... And more advanced techniques were seen in the wild for
> doing just this sort of thing well over a decade ago... Sure maybe it’ll
> stop the script kiddies, but its not going to stop the people that you
> really need to look out for...
>
>
>
>
>
> On 6/23/13 10:58 PM, "Dmitry Lysenko" <dvl36.ripe.nick at gmail.com> wrote:
>
> This bruteforce approach required even more resources than intelligent
> one. I mean resources required for creating attacking network. First of all
> someone should write this bot, debug(!) it, then apply it to controlled
> botnet, that should be created before attack. That isn't so simple IMO.
> And even scanning of IP for non-standard port numbers can be detected by
> target system with appropriate action.
>
> Dmitry.
>
>
> 2013/6/23 Steven Ayre <steveayre at gmail.com>
>
> Except the approach of a bot trying known exploits is automated. It
> doesn't take any effort of the hacker's time. It's not on his machine so
> doesn't even use his resources (time/CPU/bandwidth). It doesn't even need
> to check what software is running, simply trying everything in the book is
> sufficient. And that could be done in a couple of minutes.
>
> -Steve
>
>
>
> On 23 June 2013 15:45, Dmitry Lysenko <dvl36.ripe.nick at gmail.com> wrote:
>
> The more work should be done by hacker, the more secure system is.
> So, "security by obscurity" is working, not so good, but thousands of
> years.
>
>
> 2013/6/21 Steven Ayre <steveayre at gmail.com>
>
> 2) *Security trough obscurity != security* its always better than
> nothing. " hey you don't need to guess the
> the software I'm using , I'm giving the info for free just find an entry
> point  and you got it ...."
>
>
> Actually I'd argue the opposite. Security through obscurity often makes
> people assume they're secure and therefore neglect securing their systems
> in the places that actually matter.
>
> The only argument I can really see of hiding that you're running $version
> of $product is that an bug in that $version means an exploit exists.
>
> If that's the case then you need to upgrade to a patched copy of $product
> - you can NOT rely on the fact that people will not realise that they can
> use the exploit because you're hiding what you're running.
>
> The flaw still exists and attackers might either a) guess you're using
> $product and try the exploit anyway or b) have their bot just randomly try
> every exploit in the book against you until one works in which case they
> don't even need to know you're using $product.
>
> The things that matte are actually verifying your authentication is
> working correctly, you're running the latest software, you're following
> software updates / security announcements, etc.
>
> Besides even when $product/$version are hidden they can often be found
> through fingerprinting by looking at differing behaviour between different
> products and within a product between versions.
>
> -Steve
>
>
>
>
> On 21 June 2013 07:59, Antonio Teixeira <eagle.antonio at gmail.com> wrote:
>
>
>
> @Ken
>  I think we need to drop into the real world...
>
>  1) Ok .,... Don't forget to say thanks to Debian , CentOs , Fedora , PHP
> , Python , Microsoft , all the authors of the OpenSource Libs , the creator
> of Make , the creator of the IDE that the Dev team uses ,  etc etc when you
> deliver the next project to your client ...
>
>  2)
>  *Security trough obscurity != security* its always better than nothing.
> " hey you don't need to guess the
>  the software I'm using , I'm giving the info for free just find an entry
> point  and you got it ...."
>
>  I could also imagine you agree with showing the version of the software
> in the HTPP headers (stuff that happens on some webservers/libs ( from my
> ming i can recall Django?!).
>
>  3)
>  The clients pays it doesn't really care about what software you use (
> unless he fears some patent infringement) he wants results.
>
>  4)
>  No , Compliance could be internal or external the end-client could simply
> say "i don't want the freeswitch brand".
>
>
>  ---- ///// ----
>  @all
>  I don't know you guys but my daily work is developing software for some
> fairly large financial institutions and sincerely i think you are all over
> reacting to this thing.
>  Yes if you open-source something you will get part of your software
> stolen , changed or use in a way you were not expecting and not given
> credit for , that's life .If you don't want it , close the source , resell
> it , ask for NDA's , etc.
>  In my daily work me and my collegues use alot of open source ( contrary
> to the popular belief) , closed source and everything in between and you
> don't expect a public statement thanking anyone for anything.
>
>  This is the way life works and with open-source this is our current world
> ( i think the FS Team could even offer a fully custom branded solution) so
> it could help monetize the project.
>
>  And before you start thinking yes i bought G729 licenses , the FS Book
> even before it was out and no to many miles between me and Gluecon , yes i
> know airplanes exist :D.
>
>  P.S - I Also assume that you all as sysadmins once found a problem that a
> blogger may have solved and on your final report to the administration you
> didn't wrote " problem solved by Blogger XXXXXX"....
>
>  And never forget he is just the mailman sometimes the boss wants
> something ( even if not morally correct ) and you have to do it.
>  But the point raised by Anthony regarding the SDP "freeswitch flag" is
> important and you be featured on the wiki :)
>
>  Antonio Teixeira
>
>
>
>  On 6/19/13 3:49 PM, Ken Rice wrote:
>
>
>
>
> Ok... Lets look at these...
>
> Branding... I don't want to show people that I'm using F/OSS software for
> running my for profit business so I can tell them I'm using either
> ${some_comercial_platform} or ${we_developed_this_ourselves}
>
> Security/Security Requirements - Security throught obscurity != security...
>
> Client Requirements - That's a new one one... Unless client is <see
> branding>
>
> Compliance - isnt this the same thing as see security
>
>
> On 6/19/13 8:44 AM, "Antonio Teixeira" <eagle.antonio at gmail.com> <
> mailto:eagle.antonio at gmail.com <eagle.antonio at gmail.com>>  wrote:
>
>
>
>
> I could think off
>
> Branding
> Security
> Client Requirements
> Security Requirements
> Compliance
>
>
> On 6/19/13 2:37 PM, Michael Jerris wrote:
>
>
>
> Why would you want to do that?
>
> On Jun 19, 2013, at 9:28 AM, Abdullah <abdullah at smonte.com> <
> mailto:abdullah at smonte.com <abdullah at smonte.com>>  wrote:
>
>
>
>
> HI ALL ,
>
> please help me ,how to change or remove o=*"FreeSWITCH"* in free switch Cli
> Log .
>
> any idea ??
>
>
>
> o=FreeSWITCH 1369449071 1369449072 IN IP4 10.10.50.1
>    s=FreeSWITCH
>    c=IN IP4 10.10.50.1
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> ------------------------------
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
> --
> Ken
> *http://www.FreeSWITCH.org
> http://www.ClueCon.com
> http://www.OSTAG.org
> *irc.freenode.net #freeswitch
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130624/123dabab/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list