[asterisk-biz] A hacker attack on asterisk
Mitul Limbani
mitul at enterux.com
Fri Sep 4 16:24:13 CDT 2009
Elliot, by any chance do you recollect your subject line of post or
date range of this issue (month year) helps searching the archive a
lot faster n better.
Thanks & Regards,
Mitul Limbani,
Founder & CEO,
Enterux Solutions Pvt. Ltd.,
The Enterprise Linux Company (r),
http://www.enterux.com
http://www.entVoice.com
On 05-Sep-2009, at 12:55 AM, Elliot Otchet <elliot.otchet at callingcircles.com
> wrote:
> Rehan,
>
> Search the archive, I posted a method for this a few months back.
> It works well for sip at blocking ip's of people in the guest cotext
> who dial invalid extensions.
>
> Regards,
>
> Elliot
>
> Pardon the typos, my Blackberry has small buttons.
> Elliot Otchet
> Calling Circles LLC
>
> ----- Original Message -----
> From: asterisk-biz-bounces at lists.digium.com <asterisk-biz-bounces at lists.digium.com
> >
> To: Commercial and Business-Oriented Asterisk Discussion <asterisk-biz at lists.digium.com
> >
> Sent: Fri Sep 04 12:44:39 2009
> Subject: Re: [asterisk-biz] A hacker attack on asterisk
>
> At least in the past Asterisk by default allows guest calls. I
> recommend the following:
>
> Put context=INVALID in [general] There's nothing special about the
> name, it just reminds me why I put it in there. If you want you can
> put
> a [INVALID] section of extensions.conf to catch unauthenticated calls.
> If you don't do this the call will just be rejected.
>
> As the LAST entry in iax.conf put [guest] with context=INVALID. I've
> not used IAX in a while, but for a long time any unauthenticated calls
> would match the last entry in iax.conf.
>
> Rehan Ahmed Allahwala wrote:
>> We have a customer who is facing this problem.
>>
>> There gateway asterisk to the termination side is being attacked by
>> the
>> hacker.
>>
>> The gateway asterisk is using ip based authentication, and also iax
>> user
>> name and password.
>>
>> The hacker is somehow able to send out the call out via the gateway
>> asterisk, faking the ip address.
>>
>> The FULL log does not show any trace of the call or the number
>> which is
>> being called in the NODE Asterisk of which ip is being used,
>> however the
>> log of the GATEWAY Asterisk shows that the call was made from the
>> IP of
>> the NODE asterisk.
>>
>> Any suggestions, what they can use to do a further authentication for
>> this particular customer ?
>>
>> Rehan
>>
>>
>>
>> ---
>> ---------------------------------------------------------------------
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
>> Register Now: http://www.astricon.net
>>
>> asterisk-biz mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-biz
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
>
> This message is intended only for the use of the individual (s) or
> entity to which it is addressed and may contain information that is
> privileged, confidential, and/or proprietary to Calling Circles LLC
> and its affiliates. If the reader of this message is not the
> intended recipient, you are hereby notified that any dissemination,
> distribution, forwarding or copying of this communication is
> prohibited without the express permission of the sender. If you have
> received this communication in error, please notify the sender
> immediately and delete the original message.
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
More information about the asterisk-biz
mailing list