Very funny Troy. I made an even worse mistake a few months ago. I exposed a new system (intended to be a router) with 'root:root' to the world thinking my brand new nftables knowledge was sound, and it was not. Literally the definition of "enough to be dangerous!". Had multiple successful SSH root logins in the course of only a few hours and decided I was better off wiping and starting over. Fun times! -Alex
Date: Wed, 7 Jul 2021 13:42:55 -0500
From: Troy Denton trdenton@gmail.com
To: Continuation of Round Table discussion roundtable@muug.ca
Subject: [RndTbl] FreeSWITCH, WAN PBXs - Word to the wise
Message-ID: CAN8-H5_ONESqpnNu_78_taq8Uu9bnK9Po4FTyq_gkf_y8WKvOg@mail.gmail.com
Content-Type: text/plain; charset="utf-8"
Yesterday I modified my freeswitch config to allow phone registration over the WAN for a very specific and short-term use case. You may remember a warning about this in my FreeSWITCH presentation - this open registration is a big no-no. You can probably see where this is going.
Not being entirely foolish, I introduced an ACL to limit it to my household IP - or so I thought! The ACL I modified had a default "allow" policy (whoops!!). Within 2 hours, I had hackers trying to authenticate. Within 24 hours, they were making calls to the Caribbean and Palestine!
I'm still doing a postmortem to see exactly how they were able to register - the accounts they were able to use did not (and still do not) exist in my dialplan. That one's a head-scratcher. It's probably a goofy config on my part. At worst, there was a freeswitch exploit used.
Luckily les.net has some very good piracy detection, and they were able to turn off my service before I had any serious financial impact - I'm out about 25 cents.
Moral of the story: don't open your PBX's internal registration to the internet - even if you think you know what you're doing ;)
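The "default allow" ACL mistake Troy describes, shown as an added example that is not config from his system and not shipped FreeSWITCH config. The first network list is the footgun: with default="allow", any source address that does not match a deny node is let through, so the lone allow node for the household address restricts nothing. The second list is the corrected form: default="deny" plus a single allow node. The file paths, the list names wan-reg and wan-reg-fixed, the profile name and the 203.0.113.10 address are assumptions for the example, and binding the list through the apply-register-acl profile parameter is my choice here, not something the message states.

```xml
<!-- conf/autoload_configs/acl.conf.xml (added example; paths and names are assumptions) -->
<configuration name="acl.conf" description="Network Lists">
  <network-lists>

    <!-- WEAK: default="allow" means every address that matches no deny node
         is permitted. The allow node below is redundant and only gives a
         false sense of restriction: the whole Internet can still send
         REGISTER to this profile. -->
    <list name="wan-reg" default="allow">
      <node type="allow" cidr="203.0.113.10/32"/>
    </list>

    <!-- CORRECTED: default="deny", and only the household address (a
         placeholder from the documentation range) is allowed. Any other
         source is rejected before authentication is even attempted. -->
    <list name="wan-reg-fixed" default="deny">
      <node type="allow" cidr="203.0.113.10/32"/>
    </list>

  </network-lists>
</configuration>

<!-- conf/sip_profiles/internal.xml (fragment): gate REGISTER on the corrected
     list for the profile that is now reachable from the WAN, and keep
     registration authentication switched on. -->
<profile name="internal">
  <settings>
    <param name="apply-register-acl" value="wan-reg-fixed"/>
    <param name="auth-calls" value="true"/>
  </settings>
</profile>
```

After editing, reload the lists with `fs_cli -x reloadacl` and check the policy from the console before trusting it: `fs_cli -x "acl 203.0.113.10 wan-reg-fixed"` should report true and `fs_cli -x "acl 198.51.100.7 wan-reg-fixed"` false. Running the same two checks against the weak list is the test that would have caught the original mistake, since both addresses come back true when the default is allow.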