[Freeswitch-users] Receives call From Unknown Extensions

[Muhammad Naseer Bhatti]

The IPs seems not to be failing that’s why he’s able to receive calls. I am not sure if fail2ban would help much except to look into the logs what dial plan and context and from where the calls are coming in. Maybe there is a profile where auth-calls is false and calls are coming in from that profile. But again, without the log file, it’s not easy to help.

-- 
Muhammad Naseer Bhatti

From: David Villasmil Govea <david.villasmil at gmail.com>
Reply: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>>
Date: December 24, 2014 at 1:51:32 PM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>>
Subject:  Re: [Freeswitch-users] Receives call From Unknown Extensions  

Hello,

At the very least I would say need to install and configure fail2ban urgently,  it block ips which try to authenticate and fail. This saves you from brute - force attacks.

Regards,

David

On Dec 24, 2014 2:19 AM, "Luis Daniel Lucio Quiroz" <luis.daniel.lucio at gmail.com> wrote:
Dont worry, your are a target of a kiddy script. As you dont use
numeric extensions, they wont authenticate.  And as you are using
multitenant, they should be targering the IP (as domain, for example
100 at 1.1.1.1) instead 100 at yourdomain.  So they wont be able to
authenticate (if multidomain is on).

CDR will still show the failled call. Its normal, FS is reporting a
failed attempt.

2014-12-22 17:55 GMT-05:00 Thomas Auge <auge at virtues.net>:
> To eliminate the guessing, check the logs which route the calls took through the system. It should contain the clues you
> need. You might need to up the log level a bit ...
>
>
> On 22.12.2014 19:44, Lloyd Aloysius wrote:
>> Fail2Ban is running in the system
>>
>> I do not have any default dial plans or extensions.
>>
>>
>>
>>
>>
>> On Mon, Dec 22, 2014 at 5:35 PM, Thomas Auge <auge at virtues.net <mailto:auge at virtues.net>> wrote:
>>
>>     Do you still have the external domain enabled? I think it routes external calls matching a specific number theme (
>>     ^(10[01][0-9])$ ) to the internal users through the pre-installed dialplan. It listens on different ports (5080/1).
>>     Config is in sip_profiles/external.xml and dialplan/public.xml.
>>
>>     I see an insane amount of brute force attempts against our PBX', so if there is a way to get anywhere, you can expect
>>     people to try it - over and over and over ... I can recommend fail2ban. :-)
>>
>>     Just guessing though, if I'm wrong, someone more knowledgeable will probably chime in. :)
>>
>>
>>     On 22.12.2014 19:16, Lloyd Aloysius wrote:
>>      > Hi All
>>      >
>>      > I have a  multi domain setup. We receive calls from unknown extensions (eg: 100 , 101,1000,1007 etc ).But there is no
>>      >  voice in it.
>>      >
>>      > We do not have any default extensions in the system and all default extensions removed from the system.
>>      >
>>      > Users are authenticated by alphanumeric (like an email username) Eg: mike at mydomain.com <mailto:mike at mydomain.com>
>>     and passwords are very
>>      > complicated.
>>      >
>>      > How someone can call a user without authentication from these extensions?
>>      >
>>      > Please let me know how to solve this issue.
>>      >
>>      > Thanks Lloyd
>>      >
>>      >
>>      >
>>      >
>>      >
>>      > _________________________________________________________________________ Professional FreeSWITCH Consulting
>>      > Services: consulting at freeswitch.org <mailto:consulting at freeswitch.org> http://www.freeswitchsolutions.com
>>      >
>>      > Official FreeSWITCH Sites http://www.freeswitch.org http://confluence.freeswitch.org http://www.cluecon.com
>>      >
>>      > FreeSWITCH-users mailing list FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>      > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>      > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
>>      >
>>
>>
>>     _________________________________________________________________________
>>     Professional FreeSWITCH Consulting Services:
>>     consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>     http://www.freeswitchsolutions.com
>>
>>     Official FreeSWITCH Sites
>>     http://www.freeswitch.org
>>     http://confluence.freeswitch.org
>>     http://www.cluecon.com
>>
>>     FreeSWITCH-users mailing list
>>     FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>     http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>     UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>     http://www.freeswitch.org
>>
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________  
Professional FreeSWITCH Consulting Services:  
consulting at freeswitch.org  
http://www.freeswitchsolutions.com  

Official FreeSWITCH Sites  
http://www.freeswitch.org  
http://confluence.freeswitch.org  
http://www.cluecon.com  

FreeSWITCH-users mailing list  
FreeSWITCH-users at lists.freeswitch.org  
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users  
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users  
http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20141224/ac8d3f68/attachment-0001.html