[Asterisk-bsd] Asterisk Server Hacked

Hans Petter Selasky hselasky at c2i.net
Mon Aug 30 01:36:40 CDT 2010


On Monday 30 August 2010 02:44:12 Frank Griffith wrote:
> How can I tell from /var/log/asterisk/cdr-csv/Master.csv if a call was made
> using one of my existing asterisk accounts or was made from a DID that my
> VOIP provider furnishes. The provider is claiming that my server was brute
> force attacked. I think that my extensions.conf file had a hole in it
> which allowed someone to dial the DID number and then dial out. I'm pretty
> sure of the DID weakness and just wasn't aware that someone has got a hold
> of it. But if my asterisk server has been compromised, that would surprise
> me.
>  
> My asterisk server is behind a firewall natd server. I only have a few user
> accounts on it and the passwords for them are very cryptic. I don't doubt
> anything these days but I'm just not sure how to confirm how the hackers
> are getting in.

I think you can't tell the difference, but you can add a log entry in 
extensions.conf which logs invalid DID numbers. BTW: In PSTN terms it is 
allowed to:

a) Fake the source address
b) Extend the number beyond the number of digits asterisk will match. Make 
sure your dialplan is properly configured and that incoming and outgoing 
numbers are filtered for illegal 7-bit ASCII values.

--HPS
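
As an added example that is not part of the original posts: each Master.csv record carries the source channel, destination channel and context of a call, so a script can flag calls that both arrived and left over the provider trunk, and destinations that are overlong or contain non-digit characters. The trunk name `SIP/provider-`, the 15-digit limit and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Default column order written by Asterisk's cdr_csv backend (no header row).
FIELDS = ("accountcode src dst dcontext clid channel dstchannel lastapp lastdata "
          "start answer end duration billsec disposition amaflags uniqueid "
          "userfield").split()

SPECIAL_EXTENS = {"s", "i", "t", "h"}       # built-in dialplan extensions
VALID_DST = re.compile(r"\+?[0-9]{1,15}")   # assumption: at most 15 digits

# Constructed sample records, not taken from the thread.
SAMPLE = '''"","5551230001","101","from-provider","5551230001","SIP/provider-00000001","SIP/101-00000002","Dial","SIP/101","2010-08-29 10:00:00","2010-08-29 10:00:05","2010-08-29 10:01:00",60,55,"ANSWERED","DOCUMENTATION","1283076000.1",""
"","5551230002","0119005550100","from-provider","5551230002","SIP/provider-00000003","SIP/provider-00000004","Dial","SIP/provider/0119005550100","2010-08-29 11:00:00","2010-08-29 11:00:04","2010-08-29 11:30:00",1800,1796,"ANSWERED","DOCUMENTATION","1283076100.3",""
"","5551230003","011900555010000000000","from-provider","5551230003","SIP/provider-00000005","","Hangup","","2010-08-29 12:00:00","","2010-08-29 12:00:01",1,0,"NO ANSWER","DOCUMENTATION","1283076200.5",""
"","5551230004","5550100*A","from-provider","5551230004","SIP/provider-00000007","","Hangup","","2010-08-29 13:00:00","","2010-08-29 13:00:01",1,0,"NO ANSWER","DOCUMENTATION","1283076300.7",""
"101","101","5550111","internal","101","SIP/101-00000009","SIP/provider-0000000a","Dial","SIP/provider/5550111","2010-08-29 14:00:00","2010-08-29 14:00:03","2010-08-29 14:02:00",120,117,"ANSWERED","DOCUMENTATION","1283076400.9",""
'''

def parse_cdr(text):
    """Yield one dict per CDR row; short rows are padded with empty strings."""
    for row in csv.reader(io.StringIO(text)):
        if row:
            row += [""] * (len(FIELDS) - len(row))
            yield dict(zip(FIELDS, row))

def triage(text, trunk="SIP/provider-"):
    """Return (reason, uniqueid) pairs for calls worth a closer look."""
    findings = []
    for rec in parse_cdr(text):
        dst = rec["dst"]
        if dst not in SPECIAL_EXTENS and not VALID_DST.fullmatch(dst):
            # Overlong number or characters outside [0-9+].
            findings.append(("illegal-dst", rec["uniqueid"]))
        elif rec["channel"].startswith(trunk) and rec["dstchannel"].startswith(trunk):
            # Arrived from the provider and was bridged back out to the provider.
            findings.append(("trunk-to-trunk", rec["uniqueid"]))
    return findings

if __name__ == "__main__":
    for reason, uid in triage(SAMPLE):
        print(reason, uid)
```

Calls placed from a registered account show that peer's name in the channel column (the last sample row), while calls entering through the DID show the trunk there.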


