[asterisk-biz] A hacker attack on asterisk

Andy Day andy at iptelesis.com
Fri Sep 4 12:21:15 CDT 2009


Rehan,

Asterisk is likely looking at the SIP headers for IP authentication and not
the actual IP headers.  SIP headers can be spoofed, but I don't believe they
can spoof the IP packets and still have it routed properly to this customer
unless they are on the same network.  If the customer does a packet capture
(tcpdump, tethereal, etc.) they should see the IP and SIP headers do not match
on those calls.  They could use iptables or some other ACL to block the
hackers.

Andy Day
Velocity Networks / IP Telesis
801-783-5105
www.vel.net

Date: Fri, 4 Sep 2009 22:59:48 +0800
From: Rehan Ahmed Allahwala <rehan at supertec.com>
Subject: [asterisk-biz] A hacker attack on asterisk
To: Commercial and Business-Oriented Asterisk Discussion
	<asterisk-biz at lists.digium.com>

We have a customer who is facing this problem.

Their gateway Asterisk to the termination side is being attacked by the
hacker.

The gateway Asterisk is using IP-based authentication, and also IAX user
name and password.

The hacker is somehow able to send the call out via the gateway
Asterisk, faking the IP address.

The FULL log does not show any trace of the call or the number which is
being called in the NODE Asterisk whose IP is being used, however the log
of the GATEWAY Asterisk shows that the call was made from the IP of the NODE
Asterisk.

Any suggestions as to what they can use to do a further authentication for this
particular customer?

Rehan
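
The packet-capture check suggested in the reply above, as an added example that is not part of the original thread: it compares the IP-layer source address of each captured SIP request with the addresses its Via and Contact headers claim. The sample packets, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

F = re.MULTILINE | re.IGNORECASE
VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/\w+\s+([^;:\s,]+)", F)
CONTACT_RE = re.compile(r"^(?:Contact|m)\s*:.*?sips?:(?:[^@>\s]*@)?([^;:>\s]+)", F)
CALLID_RE = re.compile(r"^(?:Call-ID|i)\s*:\s*(\S+)", F)

# Assumption: 192.0.2.10 stands in for the NODE the gateway trusts by IP.
TRUSTED_NODE = "192.0.2.10"

# Constructed sample: (IP source address, SIP request) pairs as they would be
# exported from a tcpdump/tshark capture taken on the gateway.
CAPTURED = [
    ("192.0.2.10", "INVITE sip:15551230001@198.51.100.5 SIP/2.0\r\n"
     "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-a1\r\n"
     "Contact: <sip:node@192.0.2.10:5060>\r\nCall-ID: a1@node\r\n\r\n"),
    ("203.0.113.77", "INVITE sip:15551230002@198.51.100.5 SIP/2.0\r\n"
     "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-b2\r\n"
     "Contact: <sip:node@192.0.2.10:5060>\r\nCall-ID: b2@x\r\n\r\n"),
    ("198.51.100.20", "INVITE sip:15551230003@198.51.100.5 SIP/2.0\r\n"
     "Via: SIP/2.0/UDP 198.51.100.20:5060;branch=z9hG4bK-c3\r\n"
     "Contact: <sip:peer@198.51.100.20>\r\nCall-ID: c3@peer\r\n\r\n"),
]

def sip_claimed_hosts(msg):
    """Hosts the SIP layer claims: topmost Via sent-by and Contact URI host."""
    via, contact = VIA_RE.search(msg), CONTACT_RE.search(msg)
    return {"via": via.group(1) if via else None,
            "contact": contact.group(1) if contact else None}

def find_mismatches(packets, trusted):
    """Requests whose headers name the trusted host but whose IP source is
    something else. NAT in the path also causes a mismatch, so each hit is a
    lead to check against the trusted node's own logs, not proof by itself."""
    hits = []
    for src_ip, msg in packets:
        claimed = sip_claimed_hosts(msg)
        if trusted in claimed.values() and src_ip != trusted:
            call_id = CALLID_RE.search(msg)
            hits.append({"src_ip": src_ip, "claimed": claimed,
                         "call_id": call_id.group(1) if call_id else None})
    return hits

if __name__ == "__main__":
    for hit in find_mismatches(CAPTURED, TRUSTED_NODE):
        print("header/IP mismatch:", hit)
```

The `src_ip` of each hit is the address an IP-layer ACL would need to match, since the SIP headers in those requests name the trusted node instead.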
