Hi, due to a very extensive project, we need to expose FreePBX to the internet. Specifically, we are concerned with the SIP and RTP ports. The purpose of this action is to allow logging into the system using softphones and configured phones without the need for VPN.

In the past, I noticed that exposing port 5060 results in numerous brute-force attacks where the attacker tries to impersonate an extension that exists in the system. However, due to the lack of a password, they are unable to make a phone call. Does an attacker, without knowledge of the extension password, have the ability to make calls at the expense of the client?

Ports such as 443, 80, 22, etc., will not be exposed to the world, only the ports required for telephony.
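The brute-force attempts the post describes show up on the PBX side as failed registration events, and the practical defender question is which source addresses are guessing, and whether they are guessing extension names (the account does not exist) or passwords of extensions that do exist. The script below is an added example, not code from the thread or from FreePBX: it parses Asterisk-style security-log lines, groups failed authentications by source IP, and flags addresses that exceed a threshold so they can be handed to a firewall block list. The log layout (the `res_security_log` key="value" records and the `IPV4/UDP/ip/port` address format) and the threshold of 5 are assumptions, and the sample lines are constructed, not captured from a real system.

```python
"""Added detection example (not from the thread): summarise failed SIP
authentications from Asterisk-style security-log lines, per source IP."""
import re
from collections import Counter, defaultdict

# Asterisk security event names that indicate a failed SIP authentication.
FAILURE_EVENTS = {
    "InvalidAccountID",         # the guessed extension does not exist
    "InvalidPassword",          # the extension exists, the secret was wrong
    "ChallengeResponseFailed",  # digest response did not match the challenge
}

# One key="value" field inside a security-log record.
_FIELD = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample log (assumption: Asterisk res_security_log layout).
# 203.0.113.5 guesses three extension names, then three passwords for 201;
# 198.51.100.7 mistypes its password once and then registers successfully.
SAMPLE_LOG = [
    '[2024-01-10 09:12:01] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidAccountID",Severity="Error",Service="PJSIP",AccountID="1000",LocalAddress="IPV4/UDP/10.0.0.5/5060",RemoteAddress="IPV4/UDP/203.0.113.5/5062"',
    '[2024-01-10 09:12:01] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidAccountID",Severity="Error",Service="PJSIP",AccountID="1001",LocalAddress="IPV4/UDP/10.0.0.5/5060",RemoteAddress="IPV4/UDP/203.0.113.5/5062"',
    '[2024-01-10 09:12:02] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidAccountID",Severity="Error",Service="PJSIP",AccountID="admin",LocalAddress="IPV4/UDP/10.0.0.5/5060",RemoteAddress="IPV4/UDP/203.0.113.5/5062"',
    '[2024-01-10 09:12:03] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidPassword",Severity="Error",Service="PJSIP",AccountID="201",LocalAddress="IPV4/UDP/10.0.0.5/5060",RemoteAddress="IPV4/UDP/203.0.113.5/5062"',
    '[2024-01-10 09:12:03] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidPassword",Severity="Error",Service="PJSIP",AccountID="201",LocalAddress="IPV4/UDP/10.0.0.5/5060",RemoteAddress="IPV4/UDP/203.0.113.5/5062"',
    '[2024-01-10 09:12:04] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidPassword",Severity="Error",Service="PJSIP",AccountID="201",LocalAddress="IPV4/UDP/10.0.0.5/5060",RemoteAddress="IPV4/UDP/203.0.113.5/5062"',
    '[2024-01-10 09:12:30] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidPassword",Severity="Error",Service="PJSIP",AccountID="202",LocalAddress="IPV4/UDP/10.0.0.5/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5060"',
    '[2024-01-10 09:12:35] SECURITY[2101] res_security_log.c: SecurityEvent="SuccessfulAuth",Severity="Informational",Service="PJSIP",AccountID="202",LocalAddress="IPV4/UDP/10.0.0.5/5060",RemoteAddress="IPV4/UDP/198.51.100.7/5060"',
    '[2024-01-10 09:13:00] VERBOSE[2102] chan_pjsip.c: unrelated line that is not a security event',
]


def parse_line(line):
    """Return the fields of one security-log record as a dict (plus RemoteIP),
    or None when the line is not a SecurityEvent record."""
    if "SecurityEvent=" not in line:
        return None
    fields = dict(_FIELD.findall(line))
    # RemoteAddress looks like IPV4/UDP/203.0.113.5/5062; keep only the IP.
    parts = fields.get("RemoteAddress", "").split("/")
    fields["RemoteIP"] = parts[2] if len(parts) >= 3 else ""
    return fields


def summarize(lines):
    """Group failed-auth events by source IP: total failures, a per-event
    Counter, and the set of AccountIDs (extensions) tried from that address."""
    per_ip = defaultdict(lambda: {"failures": 0, "events": Counter(), "accounts": set()})
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.get("SecurityEvent") not in FAILURE_EVENTS:
            continue
        entry = per_ip[ev["RemoteIP"]]
        entry["failures"] += 1
        entry["events"][ev["SecurityEvent"]] += 1
        entry["accounts"].add(ev.get("AccountID", ""))
    return dict(per_ip)


def flag_sources(summary, threshold=5):
    """Return [(ip, failures, sorted accounts)] for addresses with at least
    `threshold` failures, most active first. A single mistyped password from a
    real user stays below the threshold; a scanner walking extension names or
    retrying one extension's password does not."""
    flagged = [
        (ip, e["failures"], sorted(e["accounts"]))
        for ip, e in summary.items()
        if e["failures"] >= threshold
    ]
    return sorted(flagged, key=lambda t: -t[1])


if __name__ == "__main__":
    for ip, failures, accounts in flag_sources(summarize(SAMPLE_LOG)):
        print(f"{ip}: {failures} failed auths, extensions tried: {', '.join(accounts)}")
```

The `events` Counter is what separates the two patterns the post worries about: a run of `InvalidAccountID` is an enumeration scan, while repeated `InvalidPassword` for one `AccountID` means the attacker has found a real extension and is now guessing its secret, which is the case where the strength of that extension's password is the only thing standing in the way.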

  • saygon90@alien.top (OP) · 1 year ago

    The exploit you mentioned was targeted at the REST API or the web interface, if I’m not mistaken. Both of these components will not be exposed to the network.

    Consider installing a Session Border Controller (SBC) for more security.

    Regarding the Session Border Controller (SBC), I found a very interesting project, LibreSBC.

    • WeirdOneTwoThree@alien.top · 1 year ago

      Indeed, but I wasn’t trying to warn you about that specific REST API exploit; rather, I was cautioning you about the one that will only become known two minutes, two months or two years from now, and who knows what it needs to be exposed to be exploited… perhaps one of the ports you have exposed :)