[asterisk-biz] Hacker's attack on Asterisk

Faiz Rehman faiz_grw at yahoo.com
Mon Sep 7 22:19:48 CDT 2009 

I was an Extension of 11 digits like"1403XXXXXXX" with the same password, I guess it was a brute force attack.
Thanks
faiz




>was the hacked extension from 100-199 range ? or 1000-9999 ?

Martin

On Sun, Sep 6, 2009 at 6:50 PM, Faiz Rehman<faiz_grw at yahoo.com> wrote:
> Hi
>
> IMy asterisk has been hacked my this IP "66.7.197.76". When i blocked this
> ip from Linux Firewall then he tried to attack from 2nd IP "200.90.72.141".
> He? fhound one my extension with a weak password and started dialing out.
> Thanks
>
> Faiz
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> ? http://lists.digium.com/mailman/listinfo/asterisk-biz
>



------------------------------

Message: 3
Date: Sun, 6 Sep 2009 21:47:55 -0400
From: Steve Totaro <stotaro at totarotechnologies.com>
Subject: Re: [asterisk-biz] Hacker's attack on Asterisk by thses
    addresses    "66.7.197.76" and "200.90.72.141"
To: Commercial and Business-Oriented Asterisk Discussion
    <asterisk-biz at lists.digium.com>
Message-ID:
    <ea18e54a0909061847kd9a9efcl584eab6e4e66f600 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

On Sun, Sep 6, 2009 at 7:50 PM, Faiz Rehman <faiz_grw at yahoo.com> wrote:

> Hi
>
> IMy asterisk has been hacked my this IP "66.7.197.76". When i blocked this
> ip from Linux Firewall then he tried to attack from 2nd IP "200.90.72.141".
> He  fhound one my extension with a weak password and started dialing out.
> Thanks
>
> Faiz
>
>
> Since this is the biz list, I would expect that you are an ITSP?  Why not
only allow customer IPs and block the rest.

If you cannot do that, why not add a alpha character to your extensions.
Instead of 101, make it z101 or whatever.

Bottom line, don't have weak credentials or firewall rules.

-- 
Senior Systems and Network Administrator
Triple Canopy, Inc.,
2250 Corporate Park Drive, Suite 300
ph.   +1.703.673.5191
mob.+1.240.938.1212
FAX.+1.703.673.1279
steve.totaro at triplecanopy.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-biz/attachments/20090906/77eb5c82/attachment-0001.htm 

------------------------------

Message: 4
Date: Mon, 7 Sep 2009 14:50:32 +0100
From: Sam Tolu Koyejo <sam.t.koyejo at gmail.com>
Subject: [asterisk-biz] FREE ROAMING DUAL IMSI SIM CARD
To: asterisk-biz at lists.digium.com
Message-ID:
    <eabd610f0909070650qfdff2aasf0fe2d0966d17159 at mail.gmail.com>
Content-Type: text/plain; charset=windows-1252

Hello friends!


This is introducing our new FREE ROAMING DUAL IMSI SIM CARD.
YOU CAN NOW ENJOY FREE INTERNATIONAL ROAMING IN THE USA (United States
of America) AND 200 OTHER COUNTRIES:

FREE INTERNATIONAL ROAMING COUNTRIES:
Albania, Algeria, Angola, Australia, Austria, Bahrain, Bolivia, Bosnia
and Herzegovina, Brunei Darussalam, Burundi, Chad, Costa Rica,
Croatia, Cyprus, Egypt, Estonia, Finland, France, Georgia, Germany,
Greece, Guatemala, Hungary, Iran, Iraq, Ireland, Israel, Italy, Japan,
Jordan, Kenya, South Korea, Latvia, Lebanon, Lithuania Luxembourg,
Malawi, Malta, Mongolia, Montserrat, Netherlands, Nigeria, Norway,
Poland, Portugal, Puerto Rico, Reunion Islands,
Russian Federation, Rwanda, Saudi Arabia, Slovakia, South Africa,
Spain, Sweden, Syria, Tanzania, Trinidad,
Tobago, Turkey, Turkmenistan, Uganda, United Kingdom, United States,
US Virgin Islands, Venezuela, Viet Nam, Yemen, Zambia.


IT's A FAST SELLING SIM CARD? THOUSANDS HAVE ALREADY BEEN SOLD.
LIMITED STOCK AVAILABLE. HURRY!

SERIOUS ORDERS ONLY (Wholesalers): +44 792 42 99939

All the best

Sam



------------------------------

Message: 5
Date: Mon, 7 Sep 2009 15:04:46 +0100
From: "Magnus Kelly" <magnus.kelly at mapesbury.com>
Subject: Re: [asterisk-biz] FREE ROAMING DUAL IMSI SIM CARD
To: "Commercial and Business-Oriented Asterisk Discussion"
    <asterisk-biz at lists.digium.com>
Message-ID:
    <1D72026B146FC94890527F4D175634C85F33D0 at heartbeat.headquarters.mapesbury.com>
    
Content-Type: text/plain;    charset="us-ascii"

And the connection to asterisk is?

> -----Original Message-----
> From: asterisk-biz-bounces at lists.digium.com [mailto:asterisk-biz-
> bounces at lists.digium.com] On Behalf Of Sam Tolu Koyejo
> Sent: 07 September 2009 14:51
> To: asterisk-biz at lists.digium.com
> Subject: [asterisk-biz] FREE ROAMING DUAL IMSI SIM CARD
> 
> Hello friends!
> 
> 
> This is introducing our new FREE ROAMING DUAL IMSI SIM CARD.
> YOU CAN NOW ENJOY FREE INTERNATIONAL ROAMING IN THE USA (United States
> of America) AND 200 OTHER COUNTRIES:



------------------------------

Message: 6
Date: Mon, 7 Sep 2009 11:02:13 -0500
From: Martin <asterisklist at callthem.info>
Subject: Re: [asterisk-biz] FREE ROAMING DUAL IMSI SIM CARD
To: Commercial and Business-Oriented Asterisk Discussion
    <asterisk-biz at lists.digium.com>
Message-ID:
    <2c9ffb720909070902l426294f9y11247900fa181568 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Sep 7, 2009 at 9:04 AM, Magnus Kelly<magnus.kelly at mapesbury.com> wrote:
> And the connection to asterisk is?

You can call your Asterisk with it ... Go through IVRs etc :)

Martin



------------------------------

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-biz

End of asterisk-biz Digest, Vol 62, Issue 14
********************************************

More information about the asterisk-biz mailing list