[asterisk-biz] PBX got Hacked

VIP Carrier vipcarrier at gmail.com
Sat Feb 7 19:23:16 CST 2009


The system was secure; they had only opened a few ports on their firewall:
443, 5060-5061 and 16384-32767 for RTP traffic,

and users' extensions did not match passwords, and SwitchVOX came in as an
appliance, so there was no installation done by anyone at their company;
everything came in directly from Digium.

We have attempted contacting server pronto, on which their technical support
just said to email abuse and they will look into the problem, and refused
to talk to us.


On Sat, Feb 7, 2009 at 7:31 PM, Gregory Boehnlein <damin at nacs.net> wrote:

>  I made a comment about this at Astridevcon. We have seen an increase in
> Automated Brute Force hacking attempts against publicly accessible VoIP
> systems. Basically, the hackers use an automated tool to hack into a VoIP
> system w/ insecure passwords (ala extension 100 w/ a password of 100). Once
> they gain access, they use it to either:
>
> a.       Send a bunch of calls to places like Cuba, where costs can be $.30
> / minute.
>
> b.      Have an auto-dialer blast out calls for credit-card scamming.
>
> There was an FBI announcement not too long ago about a "Vishing" scam that
> was targeting Asterisk PBX systems:
>
> http://blogs.digium.com/2008/12/06/sip-security-and-asterisk/
>
> At this point, if you have your VoIP system attached to the public
> Internet, and are not taking security precautions such as using strong
> passwords and judicious firewalling, it is only a matter of time until you
> get hacked.
>
>
>
> From: asterisk-biz-bounces at lists.digium.com [mailto:
> asterisk-biz-bounces at lists.digium.com] On Behalf Of Jai Rangi
> Sent: Saturday, February 07, 2009 6:57 PM
> To: Commercial and Business-Oriented Asterisk Discussion
> Subject: Re: [asterisk-biz] PBX got Hacked
>
> $2000 calls in one hour? The fraud user must be a professional hacker and
> should have some kind of VoIP system and 10s (if not hundreds) of friends
> calling at the same time.
>
>  On Sat, Feb 7, 2009 at 3:46 PM, Gregory Boehnlein <damin at nacs.net> wrote:
>
> Let me guess…
>
> 1.       The Switchvox was open to the Internet
>
> 2.       The extensions were simple (three / four digits) and the
> passwords matched the extensions
>
> 3.       The attacker was able to register from the public Internet as one
> of the users and send the calls.
>
> Sounds much more like an installation done by someone who had no clue about
> IP security. Don't blame Switchvox for the installer's lack of a clue.
> Switchvox is designed to run behind a firewall, and best practices for
> installation would dictate that you be very paranoid about what to allow to
> communicate w/ the PBX. Allowing it to be openly accessed on the Public
> Internet is sheer stupidity.
>
> So.. what am I missing here?
>
>
>
> From: asterisk-biz-bounces at lists.digium.com [mailto:
> asterisk-biz-bounces at lists.digium.com] On Behalf Of VIP Carrier
> Sent: Saturday, February 07, 2009 6:36 PM
> To: Commercial and Business-Oriented Asterisk Discussion
> Subject: [asterisk-biz] PBX got Hacked
>
> Guys,
> I can't believe that our client's PBX got hacked today.
> My client has a SwitchVOX SMB and it got hacked!
> Some F@ckers with the following IPs
> 91.121.132.208
> 69.60.114.222
> were able to send calls in a matter of 1 hr for more than $2000.
>
> What can I say, stay away from Switchvox.
>
> --
> This message has been scanned for viruses and
> dangerous content by N2Net Mailshield <http://www.n2net.net/Products.asp?PageId=1&SubId=14>, and is
> believed to be clean.
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-biz
>
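Gregory's point above is that the break-ins start with guessable SIP secrets (extension 100 with password 100). As an added example that is not part of this thread or of Switchvox, here is a small audit in Python that parses an Asterisk chan_sip `sip.conf`-style file and flags peers whose secret equals the extension or is a short numeric string; the sample configuration is constructed for the demonstration.

```python
import re

# Constructed sample in Asterisk chan_sip sip.conf syntax (not from the thread).
SAMPLE_SIP_CONF = """
[100]
type=friend
secret=100      ; password matches the extension
host=dynamic
[101]
type=friend
secret=1234
host=dynamic
[201]
type=friend
secret=Xq7#vLp2!mR9wZt4
host=dynamic
"""

# [name] starts a section; [name](!) is a template, which defines no registrable peer.
SECTION_RE = re.compile(r"^\[([^\]]+)\](\(!\))?$")

def parse_sip_conf(text):
    """Return {section: {key: value}}; ';' starts a comment, template sections are skipped."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = None if m.group(2) else m.group(1)
            if current is not None:
                peers[current] = {}
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            peers[current][key.strip()] = value.strip()
    return peers

def weak_secret_findings(peers):
    """List (peer, reason) for registrable peers whose secret is guessable."""
    findings = []
    for name, opts in peers.items():
        if opts.get("type") not in ("friend", "peer", "user"):
            continue  # [general] and other non-peer sections cannot register
        secret = opts.get("secret", "")
        if secret == name:
            findings.append((name, "secret equals extension"))
        elif secret.isdigit() and len(secret) < 8:
            findings.append((name, "short numeric secret"))
    return findings
```

Run it against the real file with `weak_secret_findings(parse_sip_conf(open("/etc/asterisk/sip.conf").read()))`; an empty list means no peer matched either pattern, not that the remaining secrets are strong.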