[asterisk-bugs] [Asterisk 0016226]: 1.4.26.3 security issue - Chinese IPs somehow are making calls without authentication
Asterisk Bug Tracker
noreply at bugs.digium.com
Thu Nov 12 02:12:41 CST 2009
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=16226
======================================================================
Reported By: faxguy
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 16226
Category: Channels/chan_sip/General
Reproducibility: always
Severity: minor
Priority: normal
Status: new
Asterisk Version: 1.4.26.3
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2009-11-11 17:15 CST
Last Modified: 2009-11-12 02:12 CST
======================================================================
Summary: 1.4.26.3 security issue - Chinese IPs somehow are
making calls without authentication
Description:
This is from the CLI. I don't know who 113.105.15.56 is, but for at least
a week now they've (that whole Class C network) been making calls out
through my Asterisk system without authentication. I don't know how...
-- Executing [011441616604001 at default:1]
Dial("SIP/113.105.152.56-08e4b3a8",
"IAX2/obfuscated-user:obfuscated-pass at voip-co2.teliax.com/011441616604001")
in new stack
-- Called
obfuscated-user:obfuscated-pass at voip-co2.teliax.com/011441616604001
-- Call accepted by 63.211.239.28 (format ulaw)
-- Format for call is ulaw
-- IAX2/63.211.239.28:4569-15287 is ringing
-- IAX2/63.211.239.28:4569-15287 stopped sounds
-- IAX2/63.211.239.28:4569-15287 answered SIP/113.105.152.56-08e4b3a8
-- Hungup 'IAX2/63.211.239.28:4569-15287'
== Spawn extension (default, 011441616604001, 1) exited non-zero on
'SIP/113.105.152.56-08e4b3a8'
To remedy this I have simply firewalled out their IP range. But I'd like
to fix the problem with the SIP driver directly.
======================================================================
----------------------------------------------------------------------
(0113707) alecdavis (reporter) - 2009-11-12 02:12
https://issues.asterisk.org/view.php?id=16226#c113707
----------------------------------------------------------------------
guess you didn't run "make samples" as that may have overwritten your
existing configuration, if you had one.
make samples installs the following file
asterisk-1.4.26.3/configs/sip.conf.sample
which contains
;allowguest=no ; Allow or reject guest calls (default is
yes)
Issue History
Date Modified Username Field Change
======================================================================
2009-11-12 02:12 alecdavis Note Added: 0113707
======================================================================
More information about the asterisk-bugs
mailing list