[asterisk-biz] Any installations in European Consulates or Embassies?

Stephane Bakhos voip-asterisk at maximumcrm.com
Tue Sep 1 13:30:38 CDT 2009


My various Asterisk boxes get scanned a few times a week. Of course, 
fail2ban is in place to firewall them very quickly, and I don't use default 
user/passwords.

Same with ssh and the email servers.
It's not even hard to set it up.

On Tue, 1 Sep 2009, lists at contacttel.com wrote:

> Date: Tue, 1 Sep 2009 14:04:28 -0400
> From: lists at contacttel.com
> Reply-To: Commercial and Business-Oriented Asterisk Discussion
>     <asterisk-biz at lists.digium.com>
> To: 'Commercial and Business-Oriented Asterisk Discussion'
>     <asterisk-biz at lists.digium.com>
> Subject: Re: [asterisk-biz] Any installations in European Consulates or
>     Embassies?
> 
> Just got a client call about unauthorized calls, logged in to his system, and
> this is what I saw.
>
> SSH port forwarded to a freepbx box
> Default user/pass for mysql/web/ssh
>
> User created peers in mysql directly and then changed ssh pass
>
> All peers that were on were 104/104, 105/105, etc.
>
> Sip anon yes..
>
> That's the default install
>
> You give a loaded gun to a guy that never used one, without instructions, he
> will surely shoot himself before learning to put the safety on.
>
> But ain't that the purpose of mass distributing a commercial (support part)
> swiss army knife telecom platform ?
>
> Why doesn't FreePBX come with FORCED password changes on install?? I guess
> 150$ an hour support is better than no support at all, right?
>
> http://www.freepbx.org/support-and-professional-services
>
> There are also Perl and Python scanners out there that do:
>
> Scan ranges of ips for sip, scan them for default ssh/sip user/passes.. and
> create an asterisk sip.conf with these as well as the extensions for those.
>
> All the wanna-be hacker has to do next is mass dial and use un-authorized
> boxes... 99.5 % are all trixbox/freepbx etc
>
> But hey .. 99% of all stats are made up
>
>>> -----Original Message-----
>>> From: asterisk-biz-bounces at lists.digium.com [mailto:asterisk-biz-
>>> bounces at lists.digium.com] On Behalf Of John Todd
>>> Sent: September-01-09 11:59 AM
>>> To: Commercial and Business-Oriented Asterisk Discussion
>>> Subject: Re: [asterisk-biz] Any installations in European Consulates or
>>> Embassies?
>>>
>>>
>>> Well, I think that's a bit far-fetched.   Really, really far-fetched.
>>> Random fishing expeditions for vendors of PBX platforms, which are
>>> going to be on private networks, is inefficient to the point of zero
>>> returns.  There are so many other layers of security that have to be
>>> penetrated before the concept of "Asterisk" is a security element that
>>> is even considered...  If you've seen embassy telecommunications
>>> systems in any security-minded nation, you'd understand that vendor
>>> identity for primary platform isn't a serious consideration.
>>>
>>> JT
>>>
>>>
>>> On Sep 1, 2009, at 2:43 AM, C. Savinovich wrote:
>>>
>>>> I would be so paranoid... what if they want that information to see what
>>>> embassies can be hacked?
>>>>
>>>> CS
>>>>
>>>> -----Original Message-----
>>>> From: asterisk-biz-bounces at lists.digium.com
>>>> [mailto:asterisk-biz-bounces at lists.digium.com] On Behalf Of John Todd
>>>> Sent: Tuesday, September 01, 2009 6:53 PM
>>>> To: Commercial and Business-Oriented Asterisk Discussion
>>>> Subject: [asterisk-biz] Any installations in European Consulates or
>>>> Embassies?
>>>>
>>>>
>>>> I've got a rather unusual request to discover if any European Consulates are
>>>> running Asterisk as their PBX platform.  For that matter, are there any
>>>> embassies that could step forward?  This is for a private query (by another
>>>> consulate) and replies may be privately held if requested, other than
>>>> informing the end user.  Or they may be public, which would be preferred so
>>>> we can get various government agencies on the list of reference-able sites.
>>>>
>>>> JT
>>>>
>>>
>>> ---
>>> John Todd                       email:jtodd at digium.com
>>> Digium, Inc. | Asterisk Open Source Community Director
>>> 445 Jan Davis Drive NW -  Huntsville AL 35806  -   USA
>>> direct: +1-256-428-6083         http://www.digium.com/
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>>
>>> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
>>> Register Now: http://www.astricon.net
>>>
>>> asterisk-biz mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>   http://lists.digium.com/mailman/listinfo/asterisk-biz
>
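
A defensive check for the defaults listed in the quoted message above (peer secrets equal to the extension number, guest SIP calls allowed), as an added example that is not part of the original thread. It parses a `sip.conf`-style file and reports those settings; the sample configuration is constructed, and the function names and the 12-character minimum are assumptions of this example.

```python
import re

# Constructed sample modelled on the defaults described in the thread; not from a real system.
SAMPLE_SIP_CONF = """\
[general]
allowguest=yes
bindport=5060

[104]
type=friend
secret=104
host=dynamic

[105]
type=friend
secret=105
host=dynamic

[201]
type=friend
secret=Xq7vR2mLp9zT4wKd
host=dynamic
"""

def parse_sip_conf(text):
    """Parse Asterisk ini-style text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\](\(.*\))?", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)       # also accepts 'key => value'
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def audit_sip_conf(text, min_len=12):
    """Return (section, finding) pairs for the weaknesses named in the thread."""
    conf = parse_sip_conf(text)
    findings = []
    # chan_sip accepts guest (unauthenticated) calls unless allowguest is turned off.
    guest = conf.get("general", {}).get("allowguest", "yes").lower()
    if guest not in ("no", "false", "0", "off"):
        findings.append(("general", "allowguest is not disabled"))
    for name, opts in conf.items():
        if "type" not in opts:                    # not a peer/user/friend entry
            continue
        secret = opts.get("secret", "")
        if secret == name:
            findings.append((name, "secret equals the extension"))
        elif len(secret) < min_len and "md5secret" not in opts:
            findings.append((name, "secret missing or shorter than %d chars" % min_len))
    return findings
```

Running `audit_sip_conf` over the real `sip.conf` (and any included files) gives a list of sections to fix before the box is reachable from the Internet.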


