<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><DIV>Ok, so let me see if I understand this now....</DIV>
<DIV> </DIV>
<DIV>someone could have done something like this from their SIP phone or asterisk console</DIV>
<DIV> </DIV>
<DIV>dial/SIP/my_IP_ADDRESS/01159721232</DIV>
<DIV> </DIV>
<DIV>and my dial plan of course let them out because I'm a lazy hack who hasn't yet tightened up on the security. Honestly, I've read TFOT volume 2 many times and never would have known it would be that easy. I am working on tightening up the dial plan now. It's been working for me for several years now but only in the last few weeks did anything go wrong.</DIV>
<DIV> </DIV>
<DIV style="FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt"><BR>
<DIV style="FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt"><FONT size=2 face=Tahoma>
<HR SIZE=1>
<B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Vahan Yerkanian <vahan@arminco.com><BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> Asterisk on BSD discussion <asterisk-bsd@lists.digium.com><BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Mon, August 30, 2010 2:38:37 PM<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: [Asterisk-bsd] Securing Asterisk with a DID<BR></FONT><BR>On 8/30/10 11:13 PM, Frank Griffith wrote:
<BLOCKQUOTE type="cite">
<DIV style="FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt">
<DIV>Well obviously there is a remote SIP connecting. But my server is not setup to allow any remote connections. According to the VOIP provider I've been brute force attacked yet Asterisk leaves no log information as to which account was logged into. Thus I'm still stuck trying to figure out what happened.</DIV>
<DIV> </DIV></DIV></BLOCKQUOTE>Let me repeat, the fact that you have _011X. in your [default] context proves that your Asterisk installation is an open door to anyone to dial it from a remote location without passing authentication, unless you have permit/deny rules to block world.<BR><BR>Vahan<BR></DIV></DIV></div><br>
</body></html>