[Freeswitch-users] (no subject)
steveayre at gmail.com
Wed Oct 22 04:46:25 MSD 2014
Also do you know how the password was gained? If it was brute-forced look
at implementing a secure password policy and using fail2ban to detect and
block brute forcing attacks
On Wednesday, October 22, 2014, Stanislav Sinyagin <ssinyagin at gmail.com>
> (now on a normal keyboard)
> when you use the "limit" application and increase the user's counter, it
> keeps its value only within the context where it was originally called. If
> you, for example, used pieces of the original (Vanilla) FreeSWITCH
> configuration, there are bind_meta_app bindings which send the call into
> another context ("features"). Once it's done, the user's limit counter is
> lost, and you need to increment it again in the new context.
> Also, why don't you implement daily and monthly minute limits and block
> the user as soon as these limits are reached?
> On Tue, Oct 21, 2014 at 9:21 PM, Stanislav Sinyagin <ssinyagin at gmail.com
>> Limit resets as soon as the call leaves the context - could that be the
>> On Oct 21, 2014 8:44 PM, "Kamil Nigmatullin" <kamil.nigmatullin at gmail.com
>>> Dear all,
>>> Today we had an attack. One of our clients lost password to his SIP
>>> account. So with this password attackers made calls on our client's behalf
>>> to very expensive destinations.
>>> We have Opensips as a border controller and Freeswitch as a Softswitch.
>>> This phone was confugured for 1 concurrent line using module limit of FS.
>>> Howerver they somehow managed to make several concurrent calls per one
>>> account. On CDR's we found that there was Attended transfer. Does anybody
>>> knows what kind of attack was that and how I can protect us against this?
>>> Is it sip refer attack when attacker set REFERED BY HEADER?
>>> When I check if limit works whith a sipphone, I see that it worked 100%.
>>> Thanks in advance
>>> Kamil Nigmatullin
>>> Tel: 77272323748
>>> mob: 7 (707) 2517003
>>> Skype: kamil.nigmatullin
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> Official FreeSWITCH Sites
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users