[RndTbl] FreeSWITCH, WAN PBXs - Word to the wise

Troy Denton trdenton at gmail.com
Wed Jul 7 13:42:55 CDT 2021


Yesterday I modified my FreeSWITCH config to allow phone registration over
the WAN for a very specific and short-term use case. You may remember a
warning about this in my FreeSWITCH presentation - this open registration
is a big no-no. You can probably see where this is going.

Not being entirely foolish, I introduced an ACL to limit it to my household
IP - or so I thought! The ACL I modified had a default "allow" policy
(whoops!!). Within 2 hours, I had hackers trying to authenticate. Within 24
hours, they were making calls to the Caribbean and Palestine!

I'm still doing a postmortem to see exactly how they were able to register
- the accounts they were able to use did not (and still do not) exist in my
dialplan. That one's a head-scratcher. It's probably a goofy config on my
part. At worst, there was a FreeSWITCH exploit used.

Luckily les.net has some very good piracy detection, and they were able to
turn off my service before I had any serious financial impact - I'm out
about 25 cents.

Moral of the story: don't open your PBX's internal registration to the
internet - even if you think you know what you're doing ;)
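Added illustration (not from Troy's message or his actual config): the difference between the ACL shape that bit him and the one he intended, in FreeSWITCH's acl.conf.xml format. The list name "domains" and the apply-inbound-acl / apply-register-acl profile params are FreeSWITCH's stock names; the 203.0.113.7/32 address is a documentation placeholder standing in for a household IP, and the name "household" is made up for this example.

```xml
<!-- conf/autoload_configs/acl.conf.xml (added example, not Troy's config) -->
<configuration name="acl.conf" description="Network Lists">
  <network-lists>

    <!-- WEAK: default="allow". The allow node is redundant here, because
         every address that matches no node is already allowed. Registration
         attempts from anywhere on the internet pass this ACL. -->
    <list name="domains" default="allow">
      <node type="allow" cidr="203.0.113.7/32"/>  <!-- placeholder household IP -->
    </list>

    <!-- INTENDED: default="deny". Only the listed CIDR gets through; everything
         else is refused before authentication is even attempted. -->
    <list name="household" default="deny">
      <node type="allow" cidr="203.0.113.7/32"/>  <!-- placeholder household IP -->
    </list>

  </network-lists>
</configuration>

<!-- conf/sip_profiles/internal.xml (excerpt): the ACL only matters if the
     SIP profile actually applies it. Pointing both params at the deny-by-
     default list covers INVITEs and REGISTERs on that profile. -->
<param name="apply-inbound-acl" value="household"/>
<param name="apply-register-acl" value="household"/>
```

After editing, `reloadacl` from fs_cli reloads the lists without a restart, and `sofia profile internal restart` picks up the profile param change. A quick sanity check is `show calls` and the SIP registrations list over the following hours: with default="deny" the stream of foreign REGISTER attempts should stop appearing in the log at all, whereas with default="allow" they reach the authentication stage.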