[Freeswitch-users] Call Without Authorization
Shahzad Bhatti
shahzad.bhatti at g-r-v.com
Fri Feb 28 21:51:04 MSK 2014
Hi everybody,
i create my xml_curl script as that don't allow unregistered calls with the
following condition
*<condition field=\"\${sofia_contact */{$sipuser}@$domain}\"
expression=\"^[^@]+@(.+)\">*
and its working but yesterday a call is originated from having
*fs_cli log as *
http://pastebin.freeswitch.org/22050
*xml_cdr is*
http://pastebin.freeswitch.org/22052
*dialplan xml is *
http://pastebin.freeswitch.org/22054
this is only example that how the hacker breached
i want to know that
*1. how it is possible that this call is originated as i check condition
that allow to call only registered sip accounts.*
*2. how to prevent that this would not happened in future. *
*3. if there any better way to do that do inform me;*
i check about 500 calls placed under the given scenario and many of them
also answered
Regards
Shahzad Bhatti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140228/7caab624/attachment.html
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users
mailing list