[asterisk-biz] PBX got Hacked

voip-asterisk at maximumcrm.com
Tue Mar 10 03:52:02 CDT 2009


> Brute force attacks should generate logs of the failed attempts.  Those
> logs should be read by a human who can take appropriate measures to deal
> with it.  Automated responses such as blocking an IP are fine and all,
> however there still has to be a human behind it all looking at those
> logs.

> If you have a human reading the logs, the attacker has a much harder
> time brute forcing the credentials and abusing a system.  Unless they
> get packet captures and are trying to do a dictionary attack (slightly
> different than a brute force, which is probably what you meant in the
> first place) on the hashes that are contained in the auth packets.
> Randomly chosen passwords make dictionary attacks impossible, the length
> of the password can make brute force attacks unreasonable, and the
> hashes should be sufficient that rainbow tables and reversing are
> impossible/impractical (SIP has this going for it at least).

Of course everyone running Asterisk can get 3 humans to monitor the logs 
24/7 for the signs of an attack.

Spoofed IPs are an issue for automatic attacks only if you happen to serve 
a wide range of IPs from a wide range of people.

Known good IPs should always be whitelisted so that they cannot be knocked 
off by the spoofed attacks.

Has anyone actually seen an attack with spoofed IPs anyways?
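
The automatic blocking with a whitelist discussed in this message, sketched as an added example that is not part of the original post or of Asterisk itself. It assumes chan_sip-style "Registration ... failed for" notices carrying IPv4 addresses; the log lines are constructed, and the function name, threshold and networks are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of chan_sip failed-registration notices.
SAMPLE_LOG = """\
[2009-03-10 03:40:01] NOTICE[2301] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.50' - Wrong password
[2009-03-10 03:40:02] NOTICE[2301] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.50' - No matching peer found
[2009-03-10 03:40:02] NOTICE[2301] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.50' - No matching peer found
[2009-03-10 03:40:03] NOTICE[2301] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '203.0.113.50' - Wrong password
[2009-03-10 03:41:10] NOTICE[2301] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2009-03-10 03:41:11] NOTICE[2301] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2009-03-10 03:41:12] NOTICE[2301] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2009-03-10 03:45:00] NOTICE[2301] chan_sip.c: Registration from '"300" <sip:300@192.0.2.10>' failed for '192.0.2.99' - Wrong password
[2009-03-10 03:46:00] VERBOSE[2301] logger.c: unrelated line that must be ignored
"""

# Source address of a failed registration; an optional :port suffix is tolerated.
FAILED = re.compile(r"failed for '(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - ")

def classify_failures(log_text, whitelist, threshold=3):
    """Count failed registrations per source and split the noisy sources.

    'block'  : sources at or over the threshold that are not whitelisted.
    'review' : whitelisted sources at or over the threshold. They are never
               blocked, so spoofed traffic cannot knock a known good peer
               off, but they are reported for a human to look at.
    """
    allowed = [ipaddress.ip_network(net) for net in whitelist]
    failures = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            failures[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:
            continue  # looked like an address but is not one (e.g. 999.1.1.1)
    result = {"block": [], "review": []}
    for ip, count in failures.items():
        if count < threshold:
            continue
        key = "review" if any(ip in net for net in allowed) else "block"
        result[key].append(str(ip))
    return {k: sorted(v) for k, v in result.items()}

if __name__ == "__main__":
    print(classify_failures(SAMPLE_LOG, ["198.51.100.0/24"]))
```
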


