[asterisk-biz] A hacker attack on asterisk

Elliot Otchet elliot.otchet at callingcircles.com
Fri Sep 4 14:25:10 CDT 2009


Rehan,

Search the archive,  I posted a method for this a few months back.  It works well for sip at blocking ip's of people in the guest cotext who dial invalid extensions.

Regards,

Elliot

Pardon the typos, my Blackberry has small buttons.
Elliot Otchet
Calling Circles LLC

----- Original Message -----
From: asterisk-biz-bounces at lists.digium.com <asterisk-biz-bounces at lists.digium.com>
To: Commercial and Business-Oriented Asterisk Discussion <asterisk-biz at lists.digium.com>
Sent: Fri Sep 04 12:44:39 2009
Subject: Re: [asterisk-biz] A hacker attack on asterisk

At least in the past Asterisk by default allows guest calls.  I
recommend the following:

Put context=INVALID in [general]  There's nothing special about the
name, it just reminds me why I put it in there.  If you want you can put
a [INVALID] section of extensions.conf to catch unauthenticated calls.
If you don't do this the call will just be rejected.

As the LAST entry in iax.conf put [guest] with context=INVALID.  I've
not used IAX in a while, but for a long time any unauthenticated calls
would match the last entry in iax.conf.

Rehan Ahmed Allahwala wrote:
> We have a customer who is facing this problem.
>
> There gateway asterisk to the termination side is being attacked by the
> hacker.
>
> The gateway asterisk is using ip based authentication, and also iax user
> name and password.
>
> The hacker is somehow able to send out the call out via the gateway
> asterisk, faking the ip address.
>
> The FULL log does not show any trace of the call or the number which is
> being called in the NODE Asterisk of which ip is being used, however the
> log of the GATEWAY Asterisk shows that the call was made from the IP of
> the NODE asterisk.
>
> Any suggestions, what they can use to do a further authentication for
> this particular customer ?
>
> Rehan
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-biz

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

AstriCon 2009 - October 13 - 15 Phoenix, Arizona
Register Now: http://www.astricon.net

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-biz

This message is intended only for the use of the individual (s) or entity to which it is addressed and may contain information that is privileged, confidential, and/or proprietary to Calling Circles LLC and its affiliates. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, forwarding or copying of this communication is prohibited without the express permission of the sender. If you have received this communication in error, please notify the sender immediately and delete the original message.


More information about the asterisk-biz mailing list