[asterisk-biz] PBX got Hacked
John Mason Jr
john.mason.jr at cox.net
Sat Feb 7 20:43:09 CST 2009
Well, if you can determine the vulnerability and how to exploit it, you
should notify the vendor.

I would hope that you have a firewall that limits the IP addresses that
can connect to the PBX to those that have a legitimate need.

I would also consider something to limit traffic, and watch the logs for
brute force attacks.

There are many tools out there for testing VoIP install security.

John

VIP Carrier wrote:
> To me it looks like there is some type of security hole in the SwitchVOX
> web GUI that has caused this issue.
>
> On Sat, Feb 7, 2009 at 9:17 PM, VIP Carrier <vipcarrier at gmail.com> wrote:
>
> Here is a sample of passwords for SIP phones:
> yEphe4A56U
> but for voicemails there were simple passwords.
>
> On Sat, Feb 7, 2009 at 8:45 PM, Stefan Wintermeyer <stefan.wintermeyer at amooma.de> wrote:
>
> On 08.02.2009 at 02:31, VIP Carrier wrote:
> > Here is an IP which they have used to access a system
> > 116.122.36.95
>
> Give me a break!
>
> If you can not stand the heat of the _dangerous_ internet: Get yourself
> a pair of scissors and cut all network cables!
>
> If you run a server in the wild you have to know what you are doing.
> This is not a problem of SwitchVOX or any other kind of appliance/software.
> This is just a problem of having common sense and knowledge of the stuff
> you are doing.
>
> Stefan
>
> PS: In the good old times our clients all had official IP addresses
> and we used telnet to log into our Linux boxes. But things have
> changed quite a bit since then.
>
> --
> AMOOCON 2009, May 4-5, Rostock / Germany -> http://www.amoocon.de
> Asterisk: http://the-asterisk-book.com - http://das-asterisk-buch.de
> AMOOMA GmbH - Bachstr. 126 - 56566 Neuwied -> http://www.amooma.de
> Managing Director: Stefan Wintermeyer, Commercial Register: Neuwied B14998
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz