[Freeswitch-users] Security issue
Ahmed Habiba
ahabiba at gmail.com
Sun Aug 16 02:53:39 MSD 2015
I face the same a while ago and after some analysts and investigations I applied the below solution which fixes my problem
I did a simple change to the external sip profile which resolved the issue from my point of view.
what I did is I add the below line to the external sip profile, which inform it to valid any request from external system against ACL list.
<param name="apply-inbound-acl" value="domains”/>
>
> From: Anthony Minessale <anthony.minessale at gmail.com>
> Subject: Re: [Freeswitch-users] Security issue
> Date: August 15, 2015 at 5:12:55 PM GMT+3
> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> Reply-To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
>
>
> The public context is unauthentecared that is why its called public. Only public facing extensions should be defined there.
>
> The example configs are only a suggestion on how to run your server. The best approach is to learn how the sofia profiles and contexts work to configure it to your needs.
>
> On Saturday, August 15, 2015, Sergey Safarov <s.safarov at gmail.com <mailto:s.safarov at gmail.com>> wrote:
> 1) Output network_ip of received INVITE with appropriate comment like "Block for one day ip x.x.x.x"
> 2) Add fail2ban rule to search strings like "Block for one day ip x.x.x.x" and block ip
>
> On Sat, Aug 15, 2015 at 12:18 PM, Nikolay Zaytsev <nzaytsevc at gmail.com <javascript:_e(%7B%7D,'cvml','nzaytsevc at gmail.com');>> wrote:
> Hi,all)
> I have the freeswitch on public ip with set up fail2ban.
> However, there is an external invites which proceed to dialplan's context public.
> How can I defend my freeswitch from such attaks?
> The log of such attack is in the attachment.
> Bets Regards,
> Nikolay Zaytsev
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <javascript:_e(%7B%7D,'cvml','consulting at freeswitch.org');>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <javascript:_e(%7B%7D,'cvml','FreeSWITCH-users at lists.freeswitch.org');>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
>
>
>
> --
> Anthony Minessale II ♬ @anthmfs ♬ @FreeSWITCH ♬
>
> ☞ http://freeswitch.org/ <http://freeswitch.org/> ☞ http://cluecon.com/ <http://cluecon.com/> ☞ http://twitter.com/FreeSWITCH <http://twitter.com/FreeSWITCH>
> ☞ irc.freenode.net <http://irc.freenode.net/> #freeswitch ☞ http://freeswitch.org/g+ <http://freeswitch.org/g+>
>
> ClueCon Weekly Development Call
> ☎ sip:888 at conference.freeswitch.org <mailto:sip%3A888 at conference.freeswitch.org> ☎ +19193869900
>
> https://www.youtube.com/watch?v=9XXgW34t40s <https://www.youtube.com/watch?v=9XXgW34t40s>
> https://www.youtube.com/watch?v=NLaDpGQuZDA <https://www.youtube.com/watch?v=NLaDpGQuZDA>
>
>
>
>
> From: Giovanni Maruzzelli <gmaruzz at gmail.com>
> Subject: Re: [Freeswitch-users] Security issue
> Date: August 15, 2015 at 5:22:47 PM GMT+3
> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> Reply-To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
>
>
> An external invite in default config go to the public context. That is the expected and correct behavior, in default config.
>
> Eg: is where the incoming did calls would go, and then (in default config) are dispatched to local extensions (1000...1020).
>
> Obviously, you can change the config to fit your needs.
>
> -giovanni
>
> sent from my mobile,
> Giovanni Maruzzelli
> cell: +39 347 266 56 18
>
> On Aug 15, 2015 4:14 PM, "Anthony Minessale" <anthony.minessale at gmail.com <mailto:anthony.minessale at gmail.com>> wrote:
> The public context is unauthentecared that is why its called public. Only public facing extensions should be defined there.
>
> The example configs are only a suggestion on how to run your server. The best approach is to learn how the sofia profiles and contexts work to configure it to your needs.
>
> On Saturday, August 15, 2015, Sergey Safarov <s.safarov at gmail.com <mailto:s.safarov at gmail.com>> wrote:
> 1) Output network_ip of received INVITE with appropriate comment like "Block for one day ip x.x.x.x"
> 2) Add fail2ban rule to search strings like "Block for one day ip x.x.x.x" and block ip
>
> On Sat, Aug 15, 2015 at 12:18 PM, Nikolay Zaytsev <nzaytsevc at gmail.com <>> wrote:
> Hi,all)
> I have the freeswitch on public ip with set up fail2ban.
> However, there is an external invites which proceed to dialplan's context public.
> How can I defend my freeswitch from such attaks?
> The log of such attack is in the attachment.
> Bets Regards,
> Nikolay Zaytsev
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
>
>
>
> --
> Anthony Minessale II ♬ @anthmfs ♬ @FreeSWITCH ♬
>
> ☞ http://freeswitch.org/ <http://freeswitch.org/> ☞ http://cluecon.com/ <http://cluecon.com/> ☞ http://twitter.com/FreeSWITCH <http://twitter.com/FreeSWITCH>
> ☞ irc.freenode.net <http://irc.freenode.net/> #freeswitch ☞ http://freeswitch.org/g+ <http://freeswitch.org/g+>
>
> ClueCon Weekly Development Call
> ☎ sip:888 at conference.freeswitch.org <mailto:sip%3A888 at conference.freeswitch.org> ☎ +19193869900 <tel:%2B19193869900>
>
> https://www.youtube.com/watch?v=9XXgW34t40s <https://www.youtube.com/watch?v=9XXgW34t40s>
> https://www.youtube.com/watch?v=NLaDpGQuZDA <https://www.youtube.com/watch?v=NLaDpGQuZDA>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150816/56919c57/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list