[asterisk-biz] A hacker attack on asterisk

Eric "ManxPower" Wieling eric at fnords.org
Fri Sep 4 11:44:39 CDT 2009


At least in the past Asterisk by default allows guest calls.  I 
recommend the following:

Put context=INVALID in [general].  There's nothing special about the 
name, it just reminds me why I put it in there.  If you want, you can put 
an [INVALID] section in extensions.conf to catch unauthenticated calls. 
If you don't do this, the call will just be rejected.

As the LAST entry in iax.conf put [guest] with context=INVALID.  I've 
not used IAX in a while, but for a long time any unauthenticated calls 
would match the last entry in iax.conf.

Rehan Ahmed Allahwala wrote:
> We have a customer who is facing this problem.
> 
> Their gateway Asterisk to the termination side is being attacked by the 
> hacker.
> 
> The gateway Asterisk is using IP-based authentication, and also IAX user 
> name and password.
> 
> The hacker is somehow able to send the call out via the gateway 
> Asterisk, faking the IP address.
> 
> The FULL log does not show any trace of the call or the number which is 
> being called in the NODE Asterisk of which IP is being used, however the 
> log of the GATEWAY Asterisk shows that the call was made from the IP of 
> the NODE Asterisk.
> 
> Any suggestions, what they can use to do a further authentication for 
> this particular customer?
> 
> Rehan

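A small checker for the two settings recommended in the reply above, as an added example that is not part of the original post or of Asterisk itself. The function names, the sample files and the "dead-end" test (a context with no Dial() and no include) are assumptions made for illustration.

```python
import re

def parse(text):
    """Parse Asterisk-style config into [(section, [(key, value), ...])], in file order."""
    sections = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = re.match(r"\[([^\]]+)\]", line)
        if m:
            sections.append((m.group(1), []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # handles both '=' and '=>'
            sections[-1][1].append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def dead_end(context, dialplan):
    """True if the context is absent from the dialplan, or has no Dial() and no include."""
    return not any(key == "include" or re.search(r"\bDial\(", value, re.I)
                   for name, entries in dialplan if name == context
                   for key, value in entries)

def audit(channel_conf, extensions_conf, iax=False):
    """Return a list of findings; an empty list means the post's advice is in place."""
    sections, dialplan = parse(channel_conf), parse(extensions_conf)
    findings = []
    ctx = dict(next((e for n, e in sections if n == "general"), [])).get("context")
    if ctx is None:
        findings.append("[general] sets no context")
    elif not dead_end(ctx, dialplan):
        findings.append(f"[general] context {ctx} can place calls")
    if iax:  # the post's second point: [guest] must be the LAST entry in iax.conf
        name, entries = sections[-1] if sections else ("", [])
        gctx = dict(entries).get("context")
        if name != "guest" or gctx is None or not dead_end(gctx, dialplan):
            findings.append("last entry is not [guest] with a dead-end context")
    return findings

# Constructed sample files (peer names and contexts are made up).
DIALPLAN = """[default]
exten => _X.,1,Dial(IAX2/carrier/${EXTEN})
[INVALID]
exten => _X.,1,Hangup()
"""
WEAK = "[general]\ncontext=default\n[node1]\ntype=friend\ncontext=default\n"
HARDENED = "[general]\ncontext=INVALID\n[node1]\ntype=friend\ncontext=default\n[guest]\ncontext=INVALID\n"

if __name__ == "__main__":
    print("weak:    ", audit(WEAK, DIALPLAN, iax=True))
    print("hardened:", audit(HARDENED, DIALPLAN, iax=True))
```

Pass `iax=True` only when auditing iax.conf, since the last-entry check comes from the post's IAX advice.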