[asterisk-biz] Hacking the network

Zeeshan Zakaria zishanov at gmail.com
Sun Oct 4 16:51:43 CDT 2009


Hi Vijay,

It is very common to see hackers coming from IP addresses belonging to
reputable companies. But this doesn't mean that those companies themselves
are involved in these hack attempts. They can't control who misuses their IP
addresses, but usually they do try their best to block such attempts. The
problem is that many times these IP addresses belong to compromised servers,
and the server owners themselves don't even know that their servers are
being misused by hackers.

The only way to fight such hack attempts is to implement security measures
on your own end. I have learned it the hard way, because my Asterisk servers
have been hacked a few times in last few years, and I have worked with
clients who faced the same issue. I usually send email to the owners of
these IP addresses, which you can find from whois database, but never ever
got any reply back from anyone. I know they can't do much either as I have
worked in NOCs of some serious ISPs. Hackers change the IP addresses very
easily, as they know that they can't do their dirty job from one single IP
address.

If you want to implement some security on your server, I would suggest to
start wit fail2ban. Download it from fail2ban.org, spend some time on their
wiki, and also set it up for asterisk as described in
http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk.
It is a really good utility. Another good idea is to change default ports of
the most commonly used software, and also block ports which you don't use.

Regards,

-- 
Zeeshan A Zakaria

On Sun, Oct 4, 2009 at 5:15 PM, Vijay Gandhi <vijay at gandhiinfotech.com>wrote:

> My first attempt is to get the response from Voxalot only and few of my
> emails were sent around a month back to them, when my switch was hacked at
> first, but since then, I have not received any reply back from them.
>
>
> Regards
>
> Vijay Gandhi
>
>
> -----Original Message-----
> From: asterisk-biz-bounces at lists.digium.com
> [mailto:asterisk-biz-bounces at lists.digium.com] On Behalf Of SIP
> Sent: Monday, October 05, 2009 2:04 AM
> To: Commercial and Business-Oriented Asterisk Discussion
> Subject: Re: [asterisk-biz] Hacking the network
>
> We've had some issues with users coming in from Voxalot IPs as well. Was
> suspicious calling patterns and traffic, but Voxalot was very responsive
> in helping us track things down. I seriously doubt they're ignoring
> response emails. It's Sunday in the US, and many smaller companies run
> limited support staff.
>
> N.
>
> Nir Simionovich wrote:
> > Vijay,
> >
> >   Voxalot is one of the more respected and veteran companies in this
> > sector, I doubt it
> > if they had personally been in charge of the hack attach you are
> > describing. If you are
> > going to publicly claim that a certain company hacked your systems, I
> > suggest that you
> > be able to back it up by some proper proof - or Voxalot may want to
> > sue you for slander.
> >
> > Nir S
> >
> > On Sun, Oct 4, 2009 at 5:53 PM, Nitzan Kon <nk3569 at yahoo.com
> > <mailto:nk3569 at yahoo.com>> wrote:
> >
> >     Just LOL!
> >
> >     --- On Sun, 10/4/09, Vijay Gandhi <vijay at gandhiinfotech.com
> >     <mailto:vijay at gandhiinfotech.com>> wrote:
> >
> >     > Wanted to update everyone, that IP 64.34.173.199
> >     > belong to a company Voxalot, they have hacked our system
> >     > twice and they don't
> >     > even care to reply to any emails sent to them, and they
> >     > don't even
> >     > respond over the phone, beware of them.
> >
> >
> >     _______________________________________________
> >     --Bandwidth and Colocation Provided by http://www.api-digital.com--
> >
> >     AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> >     Register Now: http://www.astricon.net
> >
> >     asterisk-biz mailing list
> >     To UNSUBSCRIBE or update options visit:
> >       http://lists.digium.com/mailman/listinfo/asterisk-biz
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > --Bandwidth and Colocation Provided by http://www.api-digital.com--
> >
> > AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> > Register Now: http://www.astricon.net
> >
> > asterisk-biz mailing list
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-biz
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-biz
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-biz
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-biz/attachments/20091004/473da2b3/attachment-0001.htm 


More information about the asterisk-biz mailing list