[asterisk-biz] A hacker attack on asterisk

Rehan Ahmed Allahwala rehan at supertec.com
Fri Sep 4 09:59:48 CDT 2009


We have a customer who is facing this problem.

There gateway asterisk to the termination side is being attacked by the
hacker.

The gateway asterisk is using ip based authentication, and also iax user
name and password.

The hacker is somehow able to send out the call out via the gateway
asterisk, faking the ip address.

The FULL log does not show any trace of the call or the number which is
being called in the NODE Asterisk of which ip is being used, however the log
of the GATEWAY Asterisk shows that the call was made from the IP of the NODE
asterisk.

Any suggestions, what they can use to do a further authentication for this
particular customer ?

Rehan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-biz/attachments/20090904/150fd7c8/attachment.htm 


More information about the asterisk-biz mailing list