[asterisk-biz] Hacker's attack on Asterisk
Ken Rice
krice at rmktek.com
Mon Sep 7 23:58:27 CDT 2009
I guess you don't want people to be able to call you via an enum gateway
then...

The problem isn't in accepting anonymous/"guest" calls... The problem is not
having them properly contained so that they can only route where you want
them to route to.

Also you must use some sane username/password policies for your SIP
credentials... Using exten 1000 w/ a password of 1000, or password or 1234
or something equally silly is asking to get hacked...

Remember, always treat the passwords for SIP the same as you would any other
passwords: make them long and complex... Sure, someone could brute force them,
but it's a lot harder to brute force a 10 character password that uses mixed
case alphas, numerics and punctuation symbols.

> From: Matt Riddell <lists at venturevoip.com>
> Reply-To: Commercial and Business-Oriented Asterisk Discussion
> <asterisk-biz at lists.digium.com>
> Date: Tue, 08 Sep 2009 16:23:51 +1200
> To: Commercial and Business-Oriented Asterisk Discussion
> <asterisk-biz at lists.digium.com>
> Subject: Re: [asterisk-biz] Hacker's attack on Asterisk
>
> On 8/09/09 4:09 PM, Alex Balashov wrote:
>> Never, ever accept anonymous/"guest" calls. For any reason. Ever.
>> Doesn't matter what the reason is. Just don't.
>
> Honeypot?
>
> --
> Cheers,
>
> Matt Riddell
> Director
> _______________________________________________
>
> http://www.venturevoip.com/news.php (Daily Asterisk News)
> http://www.venturevoip.com/st.php (SmoothTorque Predictive Dialer)
> http://www.venturevoip.com/c3.php (ConduIT3 PABX Systems)
>
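
The two checks raised in the message above (weak SIP secrets, and guest calls that are not contained in their own context) can be run against a chan_sip `sip.conf`. This is an added example, not code from the thread: the function names and the sample configuration are constructed, and it assumes the standard `allowguest`, `context` and `secret` options, with peers that set no `context` inheriting the `[general]` one. The shared-context test is a heuristic; what a context can actually reach is decided in the dialplan.

```python
import re

COMMON = {"password", "1234", "12345", "123456", "secret", "asterisk"}
TRUE = {"yes", "true", "y", "t", "1", "on"}

# Constructed sample sip.conf, not taken from the thread.
SAMPLE = """\
[general]
allowguest=yes
context=internal
[1000]
secret=1000
context=internal
[1001]
secret=1234
[1002]
secret=gT7#qLp9!wZx
context=phones
"""

def parse(text):
    sections, current = {}, None          # templates and #include are not handled
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def weak(name, secret):
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    checks = [(secret == name, "secret equals extension"),
              (secret.lower() in COMMON, "common secret"),
              (len(secret) < 10, "shorter than 10 characters"),
              (not all(re.search(c, secret) for c in classes), "missing a character class")]
    return next((why for bad, why in checks if bad), None)

def audit(text):
    conf = parse(text)
    general = conf.pop("general", {})
    found = [(n, w) for n, s in conf.items() if "secret" in s and (w := weak(n, s["secret"]))]
    ctx = general.get("context", "default")   # guest calls land in this context
    shared = [n for n, s in conf.items() if s.get("context", ctx) == ctx]
    # Guests sharing a context with authenticated peers can route wherever those peers can.
    if general.get("allowguest", "yes").lower() in TRUE and shared:
        found.append(("general", "guest context '%s' shared with %s" % (ctx, ", ".join(shared))))
    return found
```

Calling `audit(SAMPLE)` flags extensions 1000 and 1001 for their secrets and reports that guest calls share the `internal` context with both.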