[asterisk-biz] A hacker attack on asterisk
Eric "ManxPower" Wieling
eric at fnords.org
Fri Sep 4 11:44:39 CDT 2009
At least in the past Asterisk by default allows guest calls. I
recommend the following:
Put context=INVALID in [general] There's nothing special about the
name, it just reminds me why I put it in there. If you want you can put
a [INVALID] section of extensions.conf to catch unauthenticated calls.
If you don't do this the call will just be rejected.
As the LAST entry in iax.conf put [guest] with context=INVALID. I've
not used IAX in a while, but for a long time any unauthenticated calls
would match the last entry in iax.conf.
Rehan Ahmed Allahwala wrote:
> We have a customer who is facing this problem.
>
> There gateway asterisk to the termination side is being attacked by the
> hacker.
>
> The gateway asterisk is using ip based authentication, and also iax user
> name and password.
>
> The hacker is somehow able to send out the call out via the gateway
> asterisk, faking the ip address.
>
> The FULL log does not show any trace of the call or the number which is
> being called in the NODE Asterisk of which ip is being used, however the
> log of the GATEWAY Asterisk shows that the call was made from the IP of
> the NODE asterisk.
>
> Any suggestions, what they can use to do a further authentication for
> this particular customer ?
>
> Rehan
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
More information about the asterisk-biz
mailing list