[asterisk-bugs] [Asterisk 0016226]: 1.4.26.3 security issue - Chinese IPs somehow are making calls without authentication
Asterisk Bug Tracker
noreply at bugs.digium.com
Thu Nov 12 07:37:01 CST 2009
The following issue has been UPDATED.
======================================================================
https://issues.asterisk.org/view.php?id=16226
======================================================================
Reported By: faxguy
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 16226
Category: Channels/chan_sip/General
Reproducibility: always
Severity: minor
Priority: normal
Status: closed
Asterisk Version: 1.4.26.3
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
Resolution: no change required
Fixed in Version:
======================================================================
Date Submitted: 2009-11-11 17:15 CST
Last Modified: 2009-11-12 07:37 CST
======================================================================
Summary: 1.4.26.3 security issue - Chinese IPs somehow are
making calls without authentication
Description:
This is from the CLI. I don't know who 113.105.15.56 is, but for at least
a week now they've (that whole Class C network) been making calls out
through my Asterisk system without authentication. I don't know how...
-- Executing [011441616604001 at default:1]
Dial("SIP/113.105.152.56-08e4b3a8",
"IAX2/obfuscated-user:obfuscated-pass at voip-co2.teliax.com/011441616604001")
in new stack
-- Called
obfuscated-user:obfuscated-pass at voip-co2.teliax.com/011441616604001
-- Call accepted by 63.211.239.28 (format ulaw)
-- Format for call is ulaw
-- IAX2/63.211.239.28:4569-15287 is ringing
-- IAX2/63.211.239.28:4569-15287 stopped sounds
-- IAX2/63.211.239.28:4569-15287 answered SIP/113.105.152.56-08e4b3a8
-- Hungup 'IAX2/63.211.239.28:4569-15287'
== Spawn extension (default, 011441616604001, 1) exited non-zero on
'SIP/113.105.152.56-08e4b3a8'
To remedy this I have simply firewalled out their IP range. But I'd like
to fix the problem with the SIP driver directly.
======================================================================
----------------------------------------------------------------------
(0113716) lmadsen (administrator) - 2009-11-12 07:37
https://issues.asterisk.org/view.php?id=16226#c113716
----------------------------------------------------------------------
This is not a bug, or a security issue. It is a configuration issue. Any
further discussion should be done on the asterisk-users mailing list.
Issue History
Date Modified Username Field Change
======================================================================
2009-11-12 07:37 lmadsen Note Added: 0113716
2009-11-12 07:37 lmadsen Status new => closed
2009-11-12 07:37 lmadsen Resolution open => no change
required
======================================================================
More information about the asterisk-bugs
mailing list