[RndTbl] FreeSWITCH, WAN PBXs - Word to the wise

Troy Denton trdenton at gmail.com
Wed Jul 7 13:42:55 CDT 2021

Yesterday I modified my freeswitch config to allow phone registration over
the WAN for a very specific and short-term use case.   You may remember a
warning about this in my FreeSWITCH presentation - this open registration
is a big no-no. You can probably see where this is going.

Not being entirely foolish, I introduced an ACL to limit it to my household
IP - or so I thought! The ACL I modified had a default "allow" policy
(woops!!). Within 2 hours, I had hackers trying to authenticate.  Within 24
hours, they were making calls to the Caribbean and Palestine!

I'm still doing a postmortem to see exactly how they were able to register
- the accounts they were able to use did not (and still do not) exist in my
dialplan.  That one's a headscratcher.  It's probably a goofy config on my
part.  At worst, there was a freeswitch exploit used.

Luckily les.net has some very good piracy detection, and they were able to
turn off my service before I had any serious financial impact - I'm out
about 25 cents.

Moral of the story- don't open your PBX's internal registration to the
internet - even if you think you know what you're doing ;)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://muug.ca/pipermail/roundtable/attachments/20210707/fca2334f/attachment.htm>

More information about the Roundtable mailing list