[asterisk-bugs] [Asterisk 0016226]: 1.4.26.3 security issue - Chinese IPs somehow are making calls without authentication

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Nov 12 02:12:41 CST 2009


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=16226 
====================================================================== 
Reported By:                faxguy
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   16226
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.26.3 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-11-11 17:15 CST
Last Modified:              2009-11-12 02:12 CST
====================================================================== 
Summary:                    1.4.26.3 security issue - Chinese IPs somehow are
making calls without authentication
Description: 
This is from the CLI.  I don't know who 113.105.15.56 is, but for at least
a week now they've (that whole Class C network) been making calls out
through my Asterisk system without authentication.  I don't know how...

    -- Executing [011441616604001@default:1] Dial("SIP/113.105.152.56-08e4b3a8", "IAX2/obfuscated-user:obfuscated-pass@voip-co2.teliax.com/011441616604001") in new stack
    -- Called obfuscated-user:obfuscated-pass@voip-co2.teliax.com/011441616604001
    -- Call accepted by 63.211.239.28 (format ulaw)
    -- Format for call is ulaw
    -- IAX2/63.211.239.28:4569-15287 is ringing
    -- IAX2/63.211.239.28:4569-15287 stopped sounds
    -- IAX2/63.211.239.28:4569-15287 answered SIP/113.105.152.56-08e4b3a8
    -- Hungup 'IAX2/63.211.239.28:4569-15287'
  == Spawn extension (default, 011441616604001, 1) exited non-zero on 'SIP/113.105.152.56-08e4b3a8'

To remedy this I have simply firewalled out their IP range.  But I'd like
to fix the problem with the SIP driver directly.
====================================================================== 

---------------------------------------------------------------------- 
 (0113707) alecdavis (reporter) - 2009-11-12 02:12
 https://issues.asterisk.org/view.php?id=16226#c113707 
---------------------------------------------------------------------- 
Guess you didn't run "make samples", as that may have overwritten your
existing configuration, if you had one.

"make samples" installs the following file:
asterisk-1.4.26.3/configs/sip.conf.sample

which contains:
;allowguest=no                  ; Allow or reject guest calls (default is yes)

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-11-12 02:12 alecdavis      Note Added: 0113707                          
======================================================================
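
The note above points at the commented-out allowguest line, which leaves the default (yes) in force. As an added example (not part of the original report and not Asterisk project code), this check reads a sip.conf and reports whether guest calls are accepted and which context they reach. The sample files, the function names and the list of boolean spellings are assumptions, and only ';' line comments are handled.

```python
import re

# Constructed sample: the stock line left commented out, as quoted in the note above.
SAMPLE_DEFAULT = """\
[general]
context=default                 ; Default context for incoming calls
;allowguest=no                  ; Allow or reject guest calls (default is yes)
"""

# Constructed sample: the same file with the option uncommented.
SAMPLE_HARDENED = SAMPLE_DEFAULT.replace(";allowguest=no", "allowguest=no ")

TRUTHY = {"yes", "true", "y", "t", "1", "on"}  # assumed boolean spellings


def general_options(text):
    """Return the active (uncommented) key/value pairs of the [general] section."""
    opts, section = {}, None
    for raw in text.splitlines():
        # Drop everything after the first unescaped ';' (line comment).
        line = re.split(r"(?<!\\);", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[([^\]]+)\](?:\(.*\))?", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "general" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.lstrip(">").strip()
    return opts


def guest_exposure(text):
    """Report whether unauthenticated callers are accepted and where they land."""
    opts = general_options(text)
    # An absent allowguest means the default applies; the sample file documents it as yes.
    allowed = opts.get("allowguest", "yes").lower() in TRUTHY
    return {"guest_calls_allowed": allowed,
            "guest_context": opts.get("context", "default") if allowed else None}


if __name__ == "__main__":
    for name, conf in (("stock", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, guest_exposure(conf))
```
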



