[asterisk-biz] PBX got Hacked

Remco Barendse asterisk at barendse.to
Tue Mar 10 07:55:22 CDT 2009


On Tue, 10 Mar 2009, Trixter aka Bret McDanel wrote:

> On Tue, 2009-03-10 at 05:40 +0000, Vikram Rangnekar wrote:
>> The main reasons for all this brute force hacking of Asterisk (a new
>> phenomenon) are the proliferation of Asterisk (obviously) and configurations
>> where the extension is the same as the authentication credentials for the
>> phones (my extension is 100, my PIN is 1234, and I use this for my voicemail as
>> well as for authenticating my phone with the server).
>>
>> OK, well, it's possible your PIN is 3214; even that does not really matter to a
>> brute force attack over SIP where there is no real forced delay between retry
>> attempts.

I guess there should be some configurable options in Asterisk to cover 
that, like: 10 consecutive failed login attempts should make 
Asterisk reply "login denied" to that IP address, and another option 
that would allow for, let's say, 5 attempts in 5 minutes and then block the 
extension from logging in.

Making the number of login attempts and the blocking time configurable, 
settable system-wide with an option to override per extension, would close 
the hole.
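The two rules Remco proposes (deny an IP after 10 consecutive failures; lock an extension after 5 failed attempts in 5 minutes, with a per-extension override) as a small policy engine, added here as an example. This is not code from the thread or from the Asterisk project. Assumptions: the block lasts 10 minutes (the post leaves the duration configurable), the per-extension rule counts failed attempts, and the log lines are constructed to resemble the chan_sip "Registration from ... failed for ..." NOTICE of that era, using documentation IP ranges.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class LockoutPolicy:
    """Thresholds from the post; block_seconds is an assumed default."""
    ip_consecutive_failures: int = 10   # failures in a row before the IP is denied
    ext_max_failures: int = 5           # failed attempts per window before lockout
    ext_window_seconds: int = 300       # 5-minute sliding window
    block_seconds: int = 600            # assumption: 10-minute block


class BruteForceGuard:
    """Applies both lockout rules to a stream of SIP registration attempts.

    record() returns one of: "ok", "fail", "block-ip", "block-ext",
    "deny-ip" (IP currently denied), "deny-ext" (extension currently locked).
    """

    def __init__(self, policy=LockoutPolicy(), per_extension=None):
        self.policy = policy                       # system-wide defaults
        self.per_extension = per_extension or {}   # ext -> LockoutPolicy override
        self.ip_failures = defaultdict(int)        # consecutive failures per IP
        self.ip_blocked_until = {}
        self.ext_failures = defaultdict(deque)     # recent failure timestamps per ext
        self.ext_blocked_until = {}

    @staticmethod
    def _active(table, key, now):
        return key in table and now < table[key]

    def record(self, now, ip, ext, success):
        ext_policy = self.per_extension.get(ext, self.policy)
        if self._active(self.ip_blocked_until, ip, now):
            return "deny-ip"
        ext_locked = self._active(self.ext_blocked_until, ext, now)
        if success:
            self.ip_failures[ip] = 0   # a correct password ends the IP's failure streak
            return "deny-ext" if ext_locked else "ok"
        # The IP counter runs even when the extension is already locked, so an
        # attacker cycling through locked extensions still ends up denied.
        self.ip_failures[ip] += 1
        if self.ip_failures[ip] >= self.policy.ip_consecutive_failures:
            self.ip_blocked_until[ip] = now + self.policy.block_seconds
            self.ip_failures[ip] = 0
            return "block-ip"
        if ext_locked:
            return "deny-ext"
        window = self.ext_failures[ext]
        window.append(now)
        while window and now - window[0] > ext_policy.ext_window_seconds:
            window.popleft()   # drop failures that aged out of the window
        if len(window) >= ext_policy.ext_max_failures:
            self.ext_blocked_until[ext] = now + ext_policy.block_seconds
            window.clear()
            return "block-ext"
        return "fail"


# Constructed line shape (assumption): chan_sip NOTICE for a failed REGISTER.
LOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'(?P<from>[^']*)' failed for '(?P<ip>[^':]+)'"
)
EXT_RE = re.compile(r"<sip:([^@>]+)@")
EPOCH = datetime(1900, 1, 1)   # strptime without a year lands in 1900


def parse_failure(line):
    """Return (seconds, ip, extension) for a failed-registration line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ext = EXT_RE.search(m.group("from"))
    if not ext:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return (ts - EPOCH).total_seconds(), m.group("ip"), ext.group(1)


def replay(lines, guard):
    """Feed every parseable failure line to the guard; return its decisions."""
    decisions = []
    for line in lines:
        parsed = parse_failure(line)
        if parsed:
            now, ip, ext = parsed
            decisions.append(guard.record(now, ip, ext, success=False))
    return decisions


# Constructed sample: one attacker IP, ten wrong passwords for extension 100.
SAMPLE_LOG = [
    "[Mar 10 07:55:%02d] NOTICE[4321] chan_sip.c: Registration from "
    "'\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.5' - Wrong password" % s
    for s in range(10)
]

if __name__ == "__main__":
    guard = BruteForceGuard()
    for line, decision in zip(SAMPLE_LOG, replay(SAMPLE_LOG, guard)):
        print(decision, "<-", line[:18])
```

Replaying the sample shows the trade-off in the proposal: the extension rule fires first (on the fifth failure), which also locks out the legitimate phone for extension 100 until the block expires, and only the tenth failure trips the per-IP rule. An attacker who rotates extensions hits the IP rule without ever locking a single extension, which is why both rules are needed.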
