ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Securing FreePBX from attacks

    IT Discussion
    freepbx 14 freepbx security network security
    10
    67
    7.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • EddieJenningsE
      EddieJennings
      last edited by

      Two of my phones are in the office, which is a trusted network for the PBX. Two are at users's homes, whose networks aren't explicitly trusted. Linphone was giving me problems on my Korora machine on Friday, so I installed Zoiper when I was at home. My IP was rate limited once, but never made it to the blocked list.

      I have a good bit of menial tasks this morning. I intend to get an external softphone user back on line after noon or so EST so I can see if I can replicate this problem (making 100% sure credentials, etc. are right).

      black3dynamiteB 1 Reply Last reply Reply Quote 0
      • black3dynamiteB
        black3dynamite @EddieJennings
        last edited by

        @eddiejennings said in Securing FreePBX from attacks:

        Two of my phones are in the office, which is a trusted network for the PBX. Two are at users's homes, whose networks aren't explicitly trusted. Linphone was giving me problems on my Korora machine on Friday, so I installed Zoiper when I was at home. My IP was rate limited once, but never made it to the blocked list.

        I have a good bit of menial tasks this morning. I intend to get an external softphone user back on line after noon or so EST so I can see if I can replicate this problem (making 100% sure credentials, etc. are right).

        Are you using the latest version of linphone from their website or the one from the repo?

        1 Reply Last reply Reply Quote 0
        • EddieJenningsE
          EddieJennings
          last edited by

          Alas, no change. Unless there's a log that shows dropped packets, I'm at a loss.

          All users' extensions have Max Contacts set at 3.

          User 1:

          • Yealink phone in the office that has their extension and User 2's extension registered on it. - Zero problems
          • Yealink phone at their home that has their extension on it. - Zero problems

          User 2:

          • Yealink phone in the office that has their extension and User 1's extension registered on it - Zero problems.
          • Yealink phone at their home that has their extension on it. Extension registers, and is listed in Chan_PJSip enpoints; however, afer a few minutes, the IP address is blocked by the Responsive Firewall, and this appears in the Freepbx log.
          [2017-10-03 11:51:38] VERBOSE[2735] res_pjsip/pjsip_configuration.c: Contact XXX/sip:[email protected]:5060 is now Unreachable. RTT: 0.000 msec
[2017-10-03 11:51:38] VERBOSE[2735] res_pjsip/pjsip_configuration.c: Endpoint XXXis now Unreachable

          User 3:

          • Linphone softphone on Windows computer. 100% correct server setting and extension credentials. Same behavior as User's 2 at home Yealink phone with the IP block.
          DashrenderD 1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender @EddieJennings
            last edited by

            @eddiejennings said in Securing FreePBX from attacks:

            Alas, no change. Unless there's a log that shows dropped packets, I'm at a loss.

            All users' extensions have Max Contacts set at 3.

            User 1:

            • Yealink phone in the office that has their extension and User 2's extension registered on it. - Zero problems
            • Yealink phone at their home that has their extension on it. - Zero problems

            User 2:

            • Yealink phone in the office that has their extension and User 1's extension registered on it - Zero problems.
            • Yealink phone at their home that has their extension on it. Extension registers, and is listed in Chan_PJSip enpoints; however, afer a few minutes, the IP address is blocked by the Responsive Firewall, and this appears in the Freepbx log.
            [2017-10-03 11:51:38] VERBOSE[2735] res_pjsip/pjsip_configuration.c: Contact XXX/sip:[email protected]:5060 is now Unreachable. RTT: 0.000 msec
[2017-10-03 11:51:38] VERBOSE[2735] res_pjsip/pjsip_configuration.c: Endpoint XXXis now Unreachable

            User 3:

            • Linphone softphone on Windows computer. 100% correct server setting and extension credentials. Same behavior as User's 2 at home Yealink phone with the IP block.

            What you don't mention is if any of the IPs associated with these phones are in the trusted list. Just for FYI reasons.

            EddieJenningsE JaredBuschJ 2 Replies Last reply Reply Quote 0
            • EddieJenningsE
              EddieJennings @Dashrender
              last edited by EddieJennings

              @dashrender said in Securing FreePBX from attacks:

              @eddiejennings said in Securing FreePBX from attacks:

              Alas, no change. Unless there's a log that shows dropped packets, I'm at a loss.

              All users' extensions have Max Contacts set at 3.

              User 1:

              • Yealink phone in the office that has their extension and User 2's extension registered on it. - Zero problems
              • Yealink phone at their home that has their extension on it. - Zero problems

              User 2:

              • Yealink phone in the office that has their extension and User 1's extension registered on it - Zero problems.
              • Yealink phone at their home that has their extension on it. Extension registers, and is listed in Chan_PJSip enpoints; however, afer a few minutes, the IP address is blocked by the Responsive Firewall, and this appears in the Freepbx log.
              [2017-10-03 11:51:38] VERBOSE[2735] res_pjsip/pjsip_configuration.c: Contact XXX/sip:[email protected]:5060 is now Unreachable. RTT: 0.000 msec
[2017-10-03 11:51:38] VERBOSE[2735] res_pjsip/pjsip_configuration.c: Endpoint XXXis now Unreachable

              User 3:

              • Linphone softphone on Windows computer. 100% correct server setting and extension credentials. Same behavior as User's 2 at home Yealink phone with the IP block.

              What you don't mention is if any of the IPs associated with these phones are in the trusted list. Just for FYI reasons.

              The phones in the office are, since the IP of the office is on the trusted list. The phones outside the office are not, as they're whatever IP the user's ISP gives them.

              1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch @Dashrender
                last edited by

                @dashrender said in Securing FreePBX from attacks:

                @eddiejennings said in Securing FreePBX from attacks:

                Alas, no change. Unless there's a log that shows dropped packets, I'm at a loss.

                All users' extensions have Max Contacts set at 3.

                User 1:

                • Yealink phone in the office that has their extension and User 2's extension registered on it. - Zero problems
                • Yealink phone at their home that has their extension on it. - Zero problems

                User 2:

                • Yealink phone in the office that has their extension and User 1's extension registered on it - Zero problems.
                • Yealink phone at their home that has their extension on it. Extension registers, and is listed in Chan_PJSip enpoints; however, afer a few minutes, the IP address is blocked by the Responsive Firewall, and this appears in the Freepbx log.
                [2017-10-03 11:51:38] VERBOSE[2735] res_pjsip/pjsip_configuration.c: Contact XXX/sip:[email protected]:5060 is now Unreachable. RTT: 0.000 msec
[2017-10-03 11:51:38] VERBOSE[2735] res_pjsip/pjsip_configuration.c: Endpoint XXXis now Unreachable

                User 3:

                • Linphone softphone on Windows computer. 100% correct server setting and extension credentials. Same behavior as User's 2 at home Yealink phone with the IP block.

                What you don't mention is if any of the IPs associated with these phones are in the trusted list. Just for FYI reasons.

                He did list this information. scroll back a couple posts.

                1 Reply Last reply Reply Quote 0
                • AdamFA
                  AdamF
                  last edited by

                  I just had this issue with 2 users. Both were using the Grandstream Wave app softphone. Then they tried to register using the Bria app. Worked instantly. Strange behavior

                  1 Reply Last reply Reply Quote 0
                  • 1
                  • 2
                  • 3
                  • 4
                  • 4 / 4
                  • First post
                    Last post